Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2022-05-21 | CVE-2022-31268 | Path Traversal vulnerability in Gitblit 1.9.3 | A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). | gitblit | CWE-22 | 7.5 (network, low complexity) |
| 2022-05-17 | CVE-2022-1359 | Path Traversal vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 | The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. | cambiumnetworks | CWE-22 | 7.5 (network, low complexity) |
| 2022-05-17 | CVE-2022-29332 | Path Traversal vulnerability in Dlink Dir-825 Firmware 2022.01.1313.48 | D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. | dlink | CWE-22 | 6.5 (network, low complexity) |
| 2022-05-17 | CVE-2021-42643 | Path Traversal vulnerability in Cmseasy 7.7.520211012 | cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. | cmseasy | CWE-22 | 8.8 (network, low complexity) |
| 2022-05-16 | CVE-2022-1721 | Path Traversal vulnerability in Diagrams Drawio | Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. | diagrams | CWE-22 | 7.5 (network, low complexity) |
| 2022-05-14 | CVE-2022-24830 | Path Traversal vulnerability in Openclinica 3.14/3.16/3.16.1 | OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). | openclinica | CWE-22 | 9.8 critical (network, low complexity) |
| 2022-05-13 | CVE-2022-25591 | Path Traversal vulnerability in Blogengine Blogengine.Net 3.3.8.0 | BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request. | blogengine | CWE-22 | 9.1 critical (network, low complexity) |
| 2022-05-12 | CVE-2022-23166 | Path Traversal vulnerability in Sysaid | Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access the system by accessing the "/lib/tinymce/examples/index.html" path. | sysaid | CWE-22 | 9.8 critical (network, low complexity) |
| 2022-05-12 | CVE-2022-29298 | Path Traversal vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.00 | SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. | contec | CWE-22 | 7.5 (network, low complexity) |
| 2022-05-11 | CVE-2022-29596 | Path Traversal vulnerability in Microstrategy Enterprise Manager 2022 | MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal. | microstrategy | CWE-22 | 9.8 critical (network, low complexity) |