Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2024-10-25 CVE-2024-10379 Path Traversal vulnerability in Esafenet CDG 5
A vulnerability classified as problematic was found in ESAFENET CDG 5.
network
low complexity
esafenet CWE-22
7.5
2024-10-25 CVE-2024-10011 Path Traversal vulnerability in Buddypress
The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter.
network
low complexity
buddypress CWE-22
8.1
2024-10-25 CVE-2024-45842 Path Traversal vulnerability in multiple products
Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests, resulting in a path traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests.
network
low complexity
toshibatec sharp CWE-22
5.3
2024-10-24 CVE-2024-49359 Path Traversal vulnerability in Zimaspace Zimaos
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI.
network
low complexity
zimaspace CWE-22
7.5
2024-10-24 CVE-2024-49760 Path Traversal vulnerability in Openrefine
OpenRefine is a free, open source tool for working with messy data.
network
low complexity
openrefine CWE-22
5.3
2024-10-24 CVE-2024-47883 Path Traversal vulnerability in Openrefine Butterfly
The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework.
network
low complexity
openrefine CWE-22
critical
9.1
2024-10-24 CVE-2024-48931 Path Traversal vulnerability in Zimaspace Zimaos
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI.
network
low complexity
zimaspace CWE-22
7.5
2024-10-23 CVE-2024-48213 Path Traversal vulnerability in Rockoa Xinhu 2.6.5
RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php.
network
low complexity
rockoa CWE-22
4.3
2024-10-23 CVE-2024-20379 Path Traversal vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-22
6.5
2024-10-22 CVE-2024-35308 Path Traversal vulnerability in Pandorafms Pandora FMS 742/746
A post-authentication arbitrary file read vulnerability exists within the server plugins section, in the plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3.
network
low complexity
pandorafms CWE-22
8.8