Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-26 | CVE-2023-5672 | Path Traversal vulnerability in Wpvibes WP Mail LOG The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files. | 6.5 |
| 2023-12-26 | CVE-2023-5991 | Path Traversal vulnerability in Motopress Hotel Booking Lite The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server | 9.8 |
| 2023-12-25 | CVE-2022-41760 | Path Traversal vulnerability in Nokia Network Functions Manager for Transport 19.9 An issue was discovered in NOKIA NFM-T R19.9. | 6.5 |
| 2023-12-25 | CVE-2022-41761 | Path Traversal vulnerability in Nokia Network Functions Manager for Transport 19.9 An issue was discovered in NOKIA NFM-T R19.9. | 6.5 |
| 2023-12-25 | CVE-2023-30451 | Path Traversal vulnerability in Typo3 11.5.24 In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. | 4.9 |
| 2023-12-23 | CVE-2023-6972 | Path Traversal vulnerability in Backupbliss Backup Migration The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. | 9.8 |
| 2023-12-22 | CVE-2023-50731 | Path Traversal vulnerability in Mindsdb MindsDB is a SQL Server for artificial intelligence. | 9.1 |
| 2023-12-22 | CVE-2023-50254 | Path Traversal vulnerability in Deepin Reader Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. | 7.8 |
| 2023-12-21 | CVE-2023-46645 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. | 4.9 |
| 2023-12-19 | CVE-2023-38126 | Path Traversal vulnerability in Softing Edgeaggregator 3.4.0 Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. | 7.2 |