Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-36654 | Path Traversal vulnerability in Prolion Cryptospike 3.0.15 Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters. | 6.5 |
| 2023-12-12 | CVE-2023-49058 | Path Traversal vulnerability in SAP Master Data Governance SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. | 5.3 |
| 2023-12-10 | CVE-2023-50449 | Path Traversal vulnerability in Jfinalcms Project Jfinalcms 5.0.0 JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter. | 7.5 |
| 2023-12-09 | CVE-2023-6120 | Path Traversal vulnerability in Collne Welcart E-Commerce The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. | 2.7 |
| 2023-12-08 | CVE-2023-46493 | Path Traversal vulnerability in Evershop 1.0.0 Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. | 5.3 |
| 2023-12-08 | CVE-2023-46496 | Path Traversal vulnerability in Evershop 1.0.0 Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. | 8.3 |
| 2023-12-08 | CVE-2023-46497 | Path Traversal vulnerability in Evershop 1.0.0 Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. | 5.4 |
| 2023-12-07 | CVE-2023-6577 | Path Traversal vulnerability in Byzoro Patrolflow-Am-2530Pro Firmware 20231126 A vulnerability was found in Byzoro PatrolFlow 2530Pro up to 20231126. | 4.3 |
| 2023-12-07 | CVE-2023-33411 | Path Traversal vulnerability in Supermicro products A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. | 7.5 |
| 2023-12-07 | CVE-2023-47440 | Path Traversal vulnerability in Gladysassistant Gladys Assistant Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. | 6.5 |