Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-21 | CVE-2022-26960 | Path Traversal vulnerability in Std42 Elfinder connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. | 9.1 |
| 2022-03-18 | CVE-2020-25176 | Path Traversal vulnerability in multiple products Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. | 9.8 |
| 2022-03-18 | CVE-2021-45967 | Path Traversal vulnerability in multiple products An issue was discovered in Pascom Cloud Phone System before 7.20.x. | 9.8 |
| 2022-03-17 | CVE-2022-26500 | Path Traversal vulnerability in Veeam Backup & Replication Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. | 8.8 |
| 2022-03-17 | CVE-2022-21221 | Path Traversal vulnerability in Fasthttp Project Fasthttp The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. | 7.5 |
| 2022-03-17 | CVE-2022-1000 | Path Traversal vulnerability in Tiny File Manager Project Tiny File Manager Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. | 9.8 |
| 2022-03-16 | CVE-2022-25249 | Path Traversal vulnerability in PTC Axeda Agent and Axeda Desktop Server When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server.. | 7.5 |
| 2022-03-15 | CVE-2021-29134 | Path Traversal vulnerability in Gitea The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. | 5.3 |
| 2022-03-15 | CVE-2022-22771 | Path Traversal vulnerability in Tibco Jasperreports Library and Jasperreports Server The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. | 8.8 |
| 2022-03-15 | CVE-2022-27203 | Path Traversal vulnerability in Jenkins Extended Choice Parameter 346.Vd87693C5A86C Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. | 6.5 |