Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2021-06-18 CVE-2021-34553 Path Traversal vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access.
network
low complexity
sonatype CWE-22
4.3
2021-06-16 CVE-2020-22200 Path Traversal vulnerability in PHPcms 9.1.13
Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
network
low complexity
phpcms CWE-22
5.3
2021-06-16 CVE-2020-35762 Path Traversal vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files.
network
low complexity
bloofox CWE-22
2.7
2021-06-15 CVE-2021-34129 Path Traversal vulnerability in Laiketui 3.5.0
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner.
network
low complexity
laiketui CWE-22
8.1
2021-06-11 CVE-2021-22762 Path Traversal vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition.
local
low complexity
schneider-electric CWE-22
7.8
2021-06-11 CVE-2021-24035 Path Traversal vulnerability in Whatsapp
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
network
low complexity
whatsapp CWE-22
critical
9.1
2021-06-10 CVE-2021-31538 Path Traversal vulnerability in Lancom-Systems Lcos FX 10.5
LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal.
network
low complexity
lancom-systems CWE-22
7.5
2021-06-10 CVE-2021-34363 Path Traversal vulnerability in multiple products
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.
network
low complexity
the-fuck-project fedoraproject CWE-22
critical
9.1
2021-06-09 CVE-2021-0097 Path Traversal vulnerability in Intel EFI Bios 7215
Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access.
low complexity
intel CWE-22
6.5
2021-06-08 CVE-2021-33203 Path Traversal vulnerability in multiple products
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs.
network
low complexity
djangoproject fedoraproject CWE-22
4.9