Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-28 | CVE-2023-40827 | Path Traversal vulnerability in Pf4J Project Pf4J An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. | 7.5 |
| 2023-08-28 | CVE-2023-40828 | Path Traversal vulnerability in Pf4J Project Pf4J An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. | 7.5 |
| 2023-08-28 | CVE-2023-39810 | Path Traversal vulnerability in Busybox 1.30.1/1.33.2 An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. | 7.8 |
| 2023-08-25 | CVE-2023-3406 | Path Traversal vulnerability in M-Files Classic web 23.2 Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server | 6.5 |
| 2023-08-25 | CVE-2023-39699 | Path Traversal vulnerability in Icewarp Mail Server 10.4.5 IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. | 9.8 |
| 2023-08-22 | CVE-2020-24113 | Path Traversal vulnerability in Yealink W60B Firmware 77.83.0.85 Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). | 9.1 |
| 2023-08-22 | CVE-2023-39026 | Path Traversal vulnerability in Filemage Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. | 7.5 |
| 2023-08-22 | CVE-2023-37428 | Path Traversal vulnerability in Arubanetworks Edgeconnect Sd-Wan Orchestrator A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 7.2 |
| 2023-08-22 | CVE-2023-39141 | Path Traversal vulnerability in Ziahamza Webui-Aria2 webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. | 7.5 |
| 2023-08-21 | CVE-2023-25914 | Path Traversal vulnerability in Danfoss Ak-Sm 800A Firmware 3.3 Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. | 8.8 |