Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-42468 Path Traversal vulnerability in Openhab
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu.
network
low complexity
openhab CWE-22
7.5
2024-08-12 CVE-2024-42469 Path Traversal vulnerability in Openhab
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu.
network
low complexity
openhab CWE-22
critical
9.8
2024-08-12 CVE-2024-6759 Path Traversal vulnerability in Freebsd
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/".
network
low complexity
freebsd CWE-22
5.3
2024-08-12 CVE-2024-7399 Path Traversal vulnerability in Samsung Magicinfo 9 Server
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.
network
low complexity
samsung CWE-22
7.5
2024-08-12 CVE-2024-7693 Path Traversal vulnerability in Raidenmaild
Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary file on the remote server.
network
low complexity
raidenmaild CWE-22
7.5
2024-08-08 CVE-2024-42408 Path Traversal vulnerability in Dorsettcontrols Infoscan 1.32/1.33/1.35
The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure.
network
high complexity
dorsettcontrols CWE-22
3.7
2024-08-07 CVE-2024-6707 Path Traversal vulnerability in Openwebui Open Webui 0.1.105
Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.
network
low complexity
openwebui CWE-22
8.8
2024-08-07 CVE-2024-37403 Path Traversal vulnerability in Ivanti Docs@Work
Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability.
local
low complexity
ivanti CWE-22
5.5
2024-08-06 CVE-2024-39226 Path Traversal vulnerability in Gl-Inet products
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.
network
low complexity
gl-inet CWE-22
critical
9.8
2024-08-06 CVE-2024-7564 Path Traversal vulnerability in Logsign Unified Secops Platform 6.4.11
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability.
network
low complexity
logsign CWE-22
6.5