Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-29 | CVE-2021-30048 | Path Traversal vulnerability in Novel Boutique House-Plus Project Novel Boutique House-Plus 3.5.1 Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter. | 5.3 |
| 2021-04-29 | CVE-2021-20090 | Path Traversal vulnerability in Buffalo products A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. | 9.8 |
| 2021-04-27 | CVE-2021-20714 | Path Traversal vulnerability in Wpfastestcache WP Fastest Cache Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors. | 6.5 |
| 2021-04-27 | CVE-2021-30635 | Path Traversal vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed). | 5.3 |
| 2021-04-26 | CVE-2021-29474 | Path Traversal vulnerability in Hedgedoc HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. | 5.8 |
| 2021-04-23 | CVE-2020-36321 | Path Traversal vulnerability in Vaadin Flow Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker to request arbitrary files stored outside of intended frontend resources folder. | 7.5 |
| 2021-04-22 | CVE-2020-17564 | Path Traversal vulnerability in Feifeicms 4.0 Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the " Admin/DataAction.class.php" component. | 9.1 |
| 2021-04-22 | CVE-2020-17563 | Path Traversal vulnerability in Feifeicms 4.0 Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " /index.php?s=/admin-tpl-del&id=". | 9.1 |
| 2021-04-22 | CVE-2020-7861 | Path Traversal vulnerability in Anysupport AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. | 9.8 |
| 2021-04-22 | CVE-2020-7858 | Path Traversal vulnerability in Cdnetworks Aquanplayer 2.0.0.92 There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. | 8.6 |