Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2021-09-27 CVE-2021-40097 Path Traversal vulnerability in Concretecms Concrete CMS
An issue was discovered in Concrete CMS through 8.5.5.
network
low complexity
concretecms CWE-22
6.5
2021-09-27 CVE-2021-40098 Path Traversal vulnerability in Concretecms Concrete CMS
An issue was discovered in Concrete CMS through 8.5.5.
network
low complexity
concretecms CWE-22
7.5
2021-09-27 CVE-2021-40103 Path Traversal vulnerability in Concretecms Concrete CMS
An issue was discovered in Concrete CMS through 8.5.5.
network
low complexity
concretecms CWE-22
5.0
2021-09-27 CVE-2021-40349 Path Traversal vulnerability in Speed Test Project Speed Test 0.5.3
e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disclosure via the "GET /.." substring.
network
low complexity
speed-test-project CWE-22
5.0
2021-09-24 CVE-2021-22868 Path Traversal vulnerability in GitHub Enterprise Server
A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site.
network
low complexity
github CWE-22
4.0
2021-09-23 CVE-2021-41381 Path Traversal vulnerability in Payara Micro Community
Payara Micro Community 5.2021.6 and below allows Directory Traversal.
network
payara CWE-22
4.3
2021-09-23 CVE-2021-22013 Path Traversal vulnerability in VMware Cloud Foundation and vCenter Server
The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API.
network
low complexity
vmware CWE-22
5.0
2021-09-21 CVE-2021-41087 Path Traversal vulnerability in In-Toto In-Toto-Golang
in-toto-golang is a Go implementation of the in-toto framework to protect software supply chain integrity.
network
low complexity
in-toto CWE-22
4.0
2021-09-20 CVE-2021-24638 Path Traversal vulnerability in FFW Omgf
The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS files with Google Fonts CSS, or download fonts uploaded on the Google Fonts website.
network
low complexity
ffw CWE-22
6.4
2021-09-18 CVE-2021-3806 Path Traversal vulnerability in Tubitak Pardus Software Center
A path traversal vulnerability in Pardus Software Center's "extractArchive" function could allow anyone on the same network to perform a man-in-the-middle attack and write files on the system.
network
tubitak CWE-22
7.1