Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-05-05 | CVE-2021-29246 | Path Traversal vulnerability in Btcpayserver Btcpay Server | BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. | 6.7 |
2021-05-05 | CVE-2021-31800 | Path Traversal vulnerability in multiple products | Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. | 9.8 |
2021-04-30 | CVE-2020-4039 | Path Traversal vulnerability in Fossasia Susi.Ai | SUSI.AI is an intelligent Open Source personal assistant. | 9.1 |
2021-04-30 | CVE-2021-28959 | Path Traversal vulnerability in Zohocorp Manageengine Eventlog Analyzer | Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. | 9.8 |
2021-04-30 | CVE-2020-18070 | Path Traversal vulnerability in Idreamsoft Icms 7.0.13 | Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". | 9.1 |
2021-04-29 | CVE-2021-30048 | Path Traversal vulnerability in Novel Boutique House-Plus Project Novel Boutique House-Plus 3.5.1 | Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter. | 5.3 |
2021-04-29 | CVE-2021-20090 | Path Traversal vulnerability in Buffalo products | A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. | 9.8 |
2021-04-27 | CVE-2021-20714 | Path Traversal vulnerability in Wpfastestcache WP Fastest Cache | Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors. | 6.5 |
2021-04-27 | CVE-2021-30635 | Path Traversal vulnerability in Sonatype Nexus Repository Manager | Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed). | 5.3 |
2021-04-26 | CVE-2021-29474 | Path Traversal vulnerability in Hedgedoc | HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. | 5.8 |