Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-25 | CVE-2023-3406 | Path Traversal vulnerability in M-Files Classic web 23.2 Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server | 6.5 |
| 2023-08-25 | CVE-2023-39699 | Path Traversal vulnerability in Icewarp Mail Server 10.4.5 IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. | 9.8 |
| 2023-08-22 | CVE-2020-24113 | Path Traversal vulnerability in Yealink W60B Firmware 77.83.0.85 Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). | 9.1 |
| 2023-08-22 | CVE-2023-39026 | Path Traversal vulnerability in Filemage Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. | 7.5 |
| 2023-08-22 | CVE-2023-37428 | Path Traversal vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 7.2 |
| 2023-08-22 | CVE-2023-39141 | Path Traversal vulnerability in Ziahamza Webui-Aria2 webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. | 7.5 |
| 2023-08-21 | CVE-2023-25914 | Path Traversal vulnerability in Danfoss Ak-Sm 800A Firmware 3.3 Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. | 7.5 |
| 2023-08-19 | CVE-2023-2110 | Path Traversal vulnerability in Obsidian Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". | 7.1 |
| 2023-08-19 | CVE-2023-2316 | Path Traversal vulnerability in Typora Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". | 7.4 |
| 2023-08-19 | CVE-2023-2971 | Path Traversal vulnerability in Typora Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". | 6.5 |