Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-0129 Path Traversal vulnerability in Nvidia Nemo
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction.
local
low complexity
nvidia CWE-22
7.8
2024-10-14 CVE-2024-45731 Path Traversal vulnerability in Splunk
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive.
network
low complexity
splunk CWE-22
8.0
2024-10-12 CVE-2024-9047 The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php.
network
low complexity
CWE-22
critical
9.8
2024-10-11 CVE-2024-7514 The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7.
network
low complexity
CWE-22
6.5
2024-10-10 CVE-2024-47868 Path Traversal vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping.
network
low complexity
gradio-project CWE-22
7.5
2024-10-10 CVE-2024-47164 Path Traversal vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping.
network
low complexity
gradio-project CWE-22
6.5
2024-10-10 CVE-2024-47166 Path Traversal vulnerability in Gradio Project Gradio
Gradio is an open-source Python package designed for quick prototyping.
network
low complexity
gradio-project CWE-22
5.3
2024-10-08 CVE-2024-47009 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
9.8
2024-10-08 CVE-2024-47010 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
9.8
2024-10-08 CVE-2024-47011 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information
network
low complexity
ivanti CWE-22
7.5