Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2022-01-03 CVE-2021-37128 Path Traversal vulnerability in Huawei Harmonyos
HwPCAssistant has a Path Traversal vulnerability. Successful exploitation of this vulnerability may write any file.
network
low complexity
huawei CWE-22
critical
9.8
2022-01-03 CVE-2021-39970 Path Traversal vulnerability in Huawei Harmonyos
HwPCAssistant has an Improper Input Validation vulnerability. Successful exploitation of this vulnerability may create any file with the system app permission.
network
low complexity
huawei CWE-22
7.5
2022-01-03 CVE-2021-25020 Path Traversal vulnerability in Daan Complete Analytics Optimization Suite
The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin.
network
low complexity
daan CWE-22
4.9
2022-01-03 CVE-2021-25021 Path Traversal vulnerability in FFW Optimize MY Google Fonts
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin.
network
low complexity
ffw CWE-22
4.9
2022-01-03 CVE-2021-44674 Path Traversal vulnerability in Opmantek Open-Audit 4.2.0
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0.
network
low complexity
opmantek CWE-22
6.5
2021-12-30 CVE-2021-20133 Path Traversal vulnerability in Dlink Dir-2640-Us Firmware 1.01/1.01B04/1.11B02
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of those files.
low complexity
dlink CWE-22
6.1
2021-12-30 CVE-2021-20134 Path Traversal vulnerability in Dlink Dir-2640-Us Firmware 1.01/1.01B04/1.11B02
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra or ripd).
low complexity
dlink CWE-22
8.4
2021-12-30 CVE-2021-45427 Path Traversal vulnerability in Emerson Xweb300D EVO Firmware 3.0.7
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal.
network
low complexity
emerson CWE-22
critical
9.8
2021-12-27 CVE-2020-20944 Path Traversal vulnerability in Qibosoft 7.0
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.
network
low complexity
qibosoft CWE-22
critical
9.1
2021-12-26 CVE-2021-45712 Path Traversal vulnerability in Rust-Embed Project Rust-Embed
An issue was discovered in the rust-embed crate before 6.3.0 for Rust.
network
low complexity
rust-embed-project CWE-22
7.5