Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-27 | CVE-2023-6307 | Path Traversal vulnerability in Jeecg Jimureport A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. | 9.8 |
| 2023-11-22 | CVE-2023-6265 | Path Traversal vulnerability in Draytek Vigor2960 Firmware 1.5.1.4/1.5.1.5 ** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. | 8.1 |
| 2023-11-22 | CVE-2023-47251 | Path Traversal vulnerability in M-Privacy Mprivacy-Tools and Tightgatevnc In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem. | 6.5 |
| 2023-11-22 | CVE-2023-47467 | Path Traversal vulnerability in Jeecg Jeecg-Boot 3.6.0 Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. | 6.5 |
| 2023-11-22 | CVE-2023-47313 | Path Traversal vulnerability in H-Mdm Headwind MDM 5.22.1 Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. | 5.4 |
| 2023-11-22 | CVE-2023-6160 | Path Traversal vulnerability in Lifterlms The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. | 6.7 |
| 2023-11-22 | CVE-2023-6252 | Path Traversal vulnerability in Hyphensolutions Chameleon Power 1.0 Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. | 7.5 |
| 2023-11-22 | CVE-2021-22151 | Path Traversal vulnerability in Elastic Kibana It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. | 4.3 |
| 2023-11-21 | CVE-2023-6209 | Path Traversal vulnerability in multiple products Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. | 6.5 |
| 2023-11-21 | CVE-2023-21417 | Path Traversal vulnerability in Axis OS Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. | 7.1 |