Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2024-01-11 CVE-2023-6699 Path Traversal vulnerability in Wpcompress WP Compress
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter.
network
low complexity
wpcompress CWE-22
7.5
2024-01-10 CVE-2023-51127 Path Traversal vulnerability in Flir AX8 Firmware 1.46.16
FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction.
network
low complexity
flir CWE-22
7.5
2024-01-10 CVE-2023-50916 Path Traversal vulnerability in Kyocera Device Manager
Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path.
network
low complexity
kyocera CWE-22
7.2
2024-01-10 CVE-2023-37932 Path Traversal vulnerability in Fortinet Fortivoice
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoice Enterprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests.
network
low complexity
fortinet CWE-22
6.5
2024-01-10 CVE-2023-48242 Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
network
low complexity
bosch CWE-22
6.5
2024-01-10 CVE-2023-48243 Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.
network
low complexity
bosch CWE-22
8.8
2024-01-10 CVE-2023-48246 Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
network
low complexity
bosch CWE-22
6.5
2024-01-10 CVE-2023-48249 Path Traversal vulnerability in Bosch Nexo-Os 1000/1500Sp2
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users.
network
low complexity
bosch CWE-22
6.5
2024-01-10 CVE-2024-0354 Path Traversal vulnerability in Unknown-O Download-Station 1.1.8
A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8.
network
low complexity
unknown-o CWE-22
7.5
2024-01-09 CVE-2024-0341 Path Traversal vulnerability in Inis Project Inis 2.0.0/2.0.1
A vulnerability was found in Inis up to 2.0.1.
network
low complexity
inis-project CWE-22
7.5