Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2023-12-14 | CVE-2023-48660 | Path Traversal vulnerability in Dell products | Dell vApp Manager versions prior to 9.2.4.x contain an arbitrary file read vulnerability. | dell | CWE-22 | 7.5 (network, low complexity) |
| 2023-12-13 | CVE-2023-43586 | Path Traversal vulnerability in Zoom products | Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access. | zoom | CWE-22 | 8.8 (network, low complexity) |
| 2023-12-12 | CVE-2023-49089 | Path Traversal vulnerability in Umbraco CMS | Umbraco is an ASP.NET content management system (CMS). | umbraco | CWE-22 | 6.5 (network, low complexity) |
| 2023-12-12 | CVE-2023-28465 | Path Traversal vulnerability in Hapifhir HL7 Fhir Core | The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. | hapifhir | CWE-22 | 7.5 (network, low complexity) |
| 2023-12-12 | CVE-2023-46455 | Path Traversal vulnerability in Gl-Inet Gl-Ar300M Firmware 4.3.7 | In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. | gl-inet | CWE-22 | 7.5 (network, low complexity) |
| 2023-12-12 | CVE-2023-45316 | Path Traversal vulnerability in Mattermost Server | Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack. | mattermost | CWE-22 | 8.8 (network, low complexity) |
| 2023-12-12 | CVE-2023-36654 | Path Traversal vulnerability in Prolion Cryptospike 3.0.15 | Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters. | prolion | CWE-22 | 6.5 (network, low complexity) |
| 2023-12-10 | CVE-2023-50449 | Path Traversal vulnerability in Jfinalcms Project Jfinalcms 5.0.0 | JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter. | jfinalcms-project | CWE-22 | 7.5 (network, low complexity) |
| 2023-12-09 | CVE-2023-6120 | Path Traversal vulnerability in Collne Welcart E-Commerce | The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. | collne | CWE-22 | 2.7 (network, low complexity) |
| 2023-12-08 | CVE-2023-46493 | Path Traversal vulnerability in Evershop 1.0.0 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. | evershop | CWE-22 | 5.3 (network, low complexity) |