Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-25 | CVE-2023-33777 | Path Traversal vulnerability in Prestashop Amazon An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack. | 5.3 |
| 2023-07-22 | CVE-2023-38633 | Path Traversal vulnerability in multiple products A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. | 5.5 |
| 2023-07-20 | CVE-2023-30200 | Path Traversal vulnerability in Advancedplugins Ultimateimagetool 2.1.02 In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal informations without restriction by performing a path traversal attack. | 7.5 |
| 2023-07-20 | CVE-2023-37601 | Path Traversal vulnerability in Mobisystems Office Suite 10.9.1.42602 Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts. | 7.5 |
| 2023-07-20 | CVE-2023-31461 | Path Traversal vulnerability in Steelseries GG 36.0.0 Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability. | 7.5 |
| 2023-07-18 | CVE-2023-2913 | Path Traversal vulnerability in Rockwellautomation Thinmanager 13.0.0/13.0.1/13.0.2 An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. | 6.5 |
| 2023-07-17 | CVE-2023-37781 | Path Traversal vulnerability in Emqx 4.3.8 An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file. | 6.5 |
| 2023-07-14 | CVE-2023-38337 | Path Traversal vulnerability in Rswag Project Rswag rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project. | 7.5 |
| 2023-07-13 | CVE-2023-34135 | Path Traversal vulnerability in Sonicwall Analytics and Global Management System Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. | 6.5 |
| 2023-07-13 | CVE-2023-34129 | Path Traversal vulnerability in Sonicwall Analytics and Global Management System Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. | 8.8 |