Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2024-11-05 CVE-2024-47253 Path Traversal vulnerability in 2N Access Commander
In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution.
network
low complexity
2n CWE-22
7.2
2024-11-04 CVE-2024-51582 Path Traversal vulnerability in Thimpress WP Hotel Booking
Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through 2.1.4.
network
low complexity
thimpress CWE-22
8.8
2024-10-30 CVE-2024-10005 Path Traversal vulnerability in Hashicorp Consul
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
network
low complexity
hashicorp CWE-22
5.8
2024-10-29 CVE-2024-5982 Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt.
network
low complexity
gaizhenbiao CWE-22
critical
9.8
2024-10-29 CVE-2024-7774 Path Traversal vulnerability in Langchain 0.2.5
A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5.
network
low complexity
langchain CWE-22
critical
9.1
2024-10-29 CVE-2024-7962 Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files.
network
low complexity
gaizhenbiao CWE-22
7.5
2024-10-28 CVE-2024-44255 Path Traversal vulnerability in Apple products
A path handling issue was addressed with improved logic.
local
low complexity
apple CWE-22
7.8
2024-10-25 CVE-2024-48224 Path Traversal vulnerability in Funadmin 5.0.2
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.
network
low complexity
funadmin CWE-22
4.9
2024-10-25 CVE-2024-37847 Path Traversal vulnerability in Radixiot Mango and Mangoapi
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.
network
low complexity
radixiot CWE-22
8.8
2024-10-25 CVE-2024-49381 Path Traversal vulnerability in Plenti
Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2.
network
low complexity
plenti CWE-22
7.5