Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-03-28 | CVE-2021-24962 | Path Traversal vulnerability in Iptanus Wordpress File Upload and Wordpress File Upload PRO | The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution. | 8.8 |
2022-03-28 | CVE-2021-44124 | Path Traversal vulnerability in Hiby R3 PRO Firmware 1.5/1.6 | Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. | 7.5 |
2022-03-28 | CVE-2021-26601 | Path Traversal vulnerability in Impresscms | ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. | 8.1 |
2022-03-27 | CVE-2022-26252 | Path Traversal vulnerability in Aapanel 6.8.21 | aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. | 6.5 |
2022-03-25 | CVE-2022-27906 | Path Traversal vulnerability in Mendelson Oftp2 | Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. | 5.9 |
2022-03-23 | CVE-2022-25266 | Path Traversal vulnerability in Passwork | Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files). | 4.3 |
2022-03-23 | CVE-2022-25267 | Path Traversal vulnerability in Passwork | Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files). | 8.8 |
2022-03-23 | CVE-2021-27471 | Path Traversal vulnerability in Rockwellautomation Connected Components Workbench 12.00.00 | The parsing mechanism that processes certain file types does not provide input sanitization for file paths. | 8.6 |
2022-03-23 | CVE-2021-27473 | Path Traversal vulnerability in Rockwellautomation Connected Components Workbench 12.00.00 | Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. | 8.2 |
2022-03-22 | CVE-2022-24774 | Path Traversal vulnerability in Cyclonedx Bill of Materials Repository Server | CycloneDX BOM Repository Server is a bill of materials (BOM) repository server for distributing CycloneDX BOMs. | 8.1 |