Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-23 | CVE-2024-27318 | Path Traversal vulnerability in multiple products: Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. | 7.5 |
2024-02-23 | CVE-2024-26150 | Path Traversal vulnerability in Linuxfoundation Backstage Backend-Common 0.21.0: `@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. | 7.5 |
2024-02-21 | CVE-2024-1704 | Path Traversal vulnerability in Crmeb 5.2.2: A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. | 8.1 |
2024-02-21 | CVE-2024-1703 | Path Traversal vulnerability in Crmeb 5.2.2: A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. | 5.3 |
2024-02-21 | CVE-2024-1708 | Path Traversal vulnerability in Connectwise Screenconnect 22.7/23.8.4/23.8.5: ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. | 8.4 |
2024-02-21 | CVE-2023-50955 | Path Traversal vulnerability in IBM Infosphere Information Server 11.7: IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. | 2.7 |
2024-02-20 | CVE-2023-42791 | Path Traversal vulnerability in Fortinet Fortimanager: A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 8.8 |
2024-02-20 | CVE-2024-21891 | Path Traversal vulnerability in Nodejs Node.Js: Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 8.8 |
2024-02-19 | CVE-2024-26129 | Path Traversal vulnerability in Prestashop: PrestaShop is an open-source e-commerce platform. | 5.3 |
2024-02-16 | CVE-2023-49508 | Path Traversal vulnerability in Yetiforce Customer Relationship Management: Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component. | 6.5 |