Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2023-10-19 CVE-2023-5241 Path Traversal vulnerability in Quantumcloud AI Chatbot
The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function.
network
low complexity
quantumcloud CWE-22
8.1
2023-10-18 CVE-2023-45383 Path Traversal vulnerability in Common-Services Sonice Etiquetage 2.5.9
In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
network
low complexity
common-services CWE-22
7.5
2023-10-18 CVE-2023-39331 Path Traversal vulnerability in Nodejs Node.Js
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6.
network
low complexity
nodejs CWE-22
7.5
2023-10-18 CVE-2023-39332 Path Traversal vulnerability in multiple products
Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects.
network
low complexity
nodejs fedoraproject CWE-22
critical
9.8
2023-10-17 CVE-2023-34208 Path Traversal vulnerability in Easyuse Mailhunter Ultimate 2020/2023
Path Traversal in the create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.
network
low complexity
easyuse CWE-22
6.5
2023-10-16 CVE-2023-43121 Path Traversal vulnerability in Extremenetworks Exos 31.7.0/31.7.1/32.0
A Directory Traversal vulnerability discovered in the Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files.
network
low complexity
extremenetworks CWE-22
7.5
2023-10-16 CVE-2023-45685 Path Traversal vulnerability in Southrivertech Titan MFT Server and Titan Sftp Server
Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal.
network
low complexity
southrivertech CWE-22
critical
9.1
2023-10-16 CVE-2023-45686 Path Traversal vulnerability in Southrivertech Titan MFP Server
Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal.
network
low complexity
southrivertech CWE-22
7.2
2023-10-16 CVE-2023-45688 Path Traversal vulnerability in Southrivertech Titan MFT Server and Titan Sftp Server
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the FTP "SIZE" command.
network
low complexity
southrivertech CWE-22
4.3
2023-10-16 CVE-2023-45689 Path Traversal vulnerability in Southrivertech Titan MFT Server and Titan Sftp Server
Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal.
network
low complexity
southrivertech CWE-22
6.5