Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-04-07 | CVE-2022-23971 | Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898 | ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. | 8.1 |
2022-04-07 | CVE-2022-26675 | Path Traversal vulnerability in Aenrich A+Hrd 6.8 | aEnrich a+HRD has inadequate filtering for special characters in URLs. | 7.5 |
2022-04-07 | CVE-2021-46417 | Path Traversal vulnerability in Franklinfueling Colibri Firmware 1.8.19.8580 | Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580. | 7.5 |
2022-04-06 | CVE-2021-41026 | Path Traversal vulnerability in Fortinet Fortiweb | A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | 6.5 |
2022-04-06 | CVE-2021-30497 | Path Traversal vulnerability in Ivanti Avalanche 6.3.2 | Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. | 7.5 |
2022-04-05 | CVE-2022-23732 | Path Traversal vulnerability in Github Enterprise Server | A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. | 8.8 |
2022-04-04 | CVE-2021-32981 | Path Traversal vulnerability in Aveva System Platform 2017/2020 | AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. | 7.2 |
2022-04-04 | CVE-2021-44138 | Path Traversal vulnerability in Caucho Resin | There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. | 7.5 |
2022-04-03 | CVE-2022-26233 | Path Traversal vulnerability in Barco Control Room Management Suite | Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. | 7.5 |
2022-04-03 | CVE-2022-27248 | Path Traversal vulnerability in Idearespa Reftree | A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. | 6.5 |