Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-26 | CVE-2023-5991 | Path Traversal vulnerability in Motopress Hotel Booking Lite The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server | 9.8 |
| 2023-12-25 | CVE-2022-41760 | Path Traversal vulnerability in Nokia Network Functions Manager for Transport 19.9 An issue was discovered in NOKIA NFM-T R19.9. | 6.5 |
| 2023-12-25 | CVE-2022-41761 | Path Traversal vulnerability in Nokia Network Functions Manager for Transport 19.9 An issue was discovered in NOKIA NFM-T R19.9. | 6.5 |
| 2023-12-25 | CVE-2023-30451 | Path Traversal vulnerability in Typo3 11.5.24 In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. | 4.9 |
| 2023-12-23 | CVE-2023-6972 | Path Traversal vulnerability in Backupbliss Backup Migration The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. | 9.8 |
| 2023-12-22 | CVE-2023-50731 | Path Traversal vulnerability in Mindsdb MindsDB is a SQL Server for artificial intelligence. | 9.1 |
| 2023-12-22 | CVE-2023-51449 | Path Traversal vulnerability in Gradio Project Gradio Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. | 7.5 |
| 2023-12-22 | CVE-2023-51651 | Path Traversal vulnerability in Amazon AWS Software Development KIT AWS SDK for PHP is the Amazon Web Services software development kit for PHP. | 3.3 |
| 2023-12-22 | CVE-2023-50254 | Path Traversal vulnerability in Deepin Reader Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. | 7.8 |
| 2023-12-21 | CVE-2023-46645 | Path Traversal vulnerability in Github Enterprise Server A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. | 4.9 |