Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-05 | CVE-2021-31800 | Path Traversal vulnerability in multiple products Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. | 9.8 |
| 2021-04-30 | CVE-2020-4039 | Path Traversal vulnerability in Fossasia Susi.Ai SUSI.AI is an intelligent Open Source personal assistant. | 9.1 |
| 2021-04-30 | CVE-2021-28959 | Path Traversal vulnerability in Zohocorp Manageengine Eventlog Analyzer Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. | 9.8 |
| 2021-04-30 | CVE-2020-18070 | Path Traversal vulnerability in Idreamsoft Icms 7.0.13 Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". | 9.1 |
| 2021-04-29 | CVE-2021-30048 | Path Traversal vulnerability in Novel Boutique House-Plus Project Novel Boutique House-Plus 3.5.1 Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter. | 5.3 |
| 2021-04-29 | CVE-2021-20090 | Path Traversal vulnerability in Buffalo products A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. | 9.8 |
| 2021-04-27 | CVE-2021-20714 | Path Traversal vulnerability in Wpfastestcache WP Fastest Cache Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors. | 6.5 |
| 2021-04-27 | CVE-2021-30635 | Path Traversal vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed). | 5.3 |
| 2021-04-26 | CVE-2021-29474 | Path Traversal vulnerability in Hedgedoc HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. | 5.8 |
| 2021-04-23 | CVE-2020-36321 | Path Traversal vulnerability in Vaadin Flow Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker to request arbitrary files stored outside of intended frontend resources folder. | 7.5 |