Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2022-04-26 CVE-2022-28527 Path Traversal vulnerability in Dhcms Project Dhcms 20170919
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del.
network
low complexity
dhcms-project CWE-22
5.5
2022-04-26 CVE-2021-26629 Path Traversal vulnerability in Tobesoft Xplatform
A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation.
network
tobesoft CWE-22
6.8
2022-04-26 CVE-2022-29806 Path Traversal vulnerability in Zoneminder
ZoneMinder before 1.36.13 allows remote code execution via an invalid language.
network
low complexity
zoneminder CWE-22
7.5
2022-04-25 CVE-2021-35250 Path Traversal vulnerability in Solarwinds Serv-U 15.3
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3.
network
low complexity
solarwinds CWE-22
5.0
2022-04-25 CVE-2022-23457 Path Traversal vulnerability in Owasp Enterprise Security API
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library.
network
low complexity
owasp CWE-22
7.5
2022-04-25 CVE-2022-1390 Path Traversal vulnerability in Admin Word Count Column Project Admin Word Count Column
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique.
network
low complexity
admin-word-count-column-project CWE-22
7.5
2022-04-25 CVE-2022-1391 Path Traversal vulnerability in Kanev CAB Fare Calculator 1.0.3
The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
network
low complexity
kanev CWE-22
7.5
2022-04-25 CVE-2022-1392 Path Traversal vulnerability in Commoninja Videos Sync PDF
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues
network
low complexity
commoninja CWE-22
5.0
2022-04-25 CVE-2021-40680 Path Traversal vulnerability in Articatech web Proxy 4.30.000000
There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi.
network
low complexity
articatech CWE-22
5.5
2022-04-21 CVE-2022-24424 Path Traversal vulnerability in Dell EMC Appsync 3.9.0.0/4.3.0.0
Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server.
network
low complexity
dell CWE-22
5.0