Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-26 | CVE-2019-3556 | Path Traversal vulnerability in Facebook Hhvm: HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. | 8.1 |
2021-10-25 | CVE-2021-40371 | Path Traversal vulnerability in Gridprosoftware Request Management: Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap. | 9.8 |
2021-10-22 | CVE-2020-23038 | Path Traversal vulnerability in Kumilabs Swift File Transfer: Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. | 7.5 |
2021-10-22 | CVE-2020-23040 | Path Traversal vulnerability in SKY File Project SKY File 2.1.0: Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands. | 7.5 |
2021-10-22 | CVE-2020-23061 | Path Traversal vulnerability in Dropouts Super Backup 2.0.5: Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command. | 7.5 |
2021-10-22 | CVE-2020-36488 | Path Traversal vulnerability in SKY File Project SKY File 2.1.0: An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. | 6.5 |
2021-10-22 | CVE-2021-42556 | Path Traversal vulnerability in Rasa X: Rasa X before 0.42.4 allows Directory Traversal during archive extraction. | 5.5 |
2021-10-22 | CVE-2021-35230 | Path Traversal vulnerability in Solarwinds Kiwi Cattools 3.6.0(Serviceedition): As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. | 6.7 |
2021-10-21 | CVE-2020-27304 | Path Traversal vulnerability in multiple products: The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. | 9.8 |
2021-10-20 | CVE-2021-42771 | Path Traversal vulnerability in multiple products: Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. | 7.8 |