Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-05 | CVE-2023-34407 | Path Traversal vulnerability in Harbingergroup Office Player 4.0.6.0.2 OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL. | 7.5 |
| 2023-06-02 | CVE-2023-3031 | Path Traversal vulnerability in Webbax King-Avis Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files.This issue affects King-Avis: before 17.3.15. | 4.9 |
| 2023-06-01 | CVE-2023-27639 | Path Traversal vulnerability in Tshirtecommerce Custom Product Designer An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. | 7.5 |
| 2023-06-01 | CVE-2023-27640 | Path Traversal vulnerability in Tshirtecommerce Custom Product Designer An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. | 7.5 |
| 2023-06-01 | CVE-2023-29736 | Path Traversal vulnerability in Timmystudios Keyboard Themes 1.275.1.164 Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution. | 9.8 |
| 2023-06-01 | CVE-2023-32714 | Path Traversal vulnerability in Splunk and Splunk APP for Lookup File Editing In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory. | 8.1 |
| 2023-06-01 | CVE-2023-33544 | Path Traversal vulnerability in Hawt Hawtio 2.17.2 hawtio 2.17.2 is vulnerable to Path Traversal. | 5.5 |
| 2023-06-01 | CVE-2023-29159 | Path Traversal vulnerability in Encode Starlette Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette. | 7.5 |
| 2023-05-31 | CVE-2023-2909 | Path Traversal vulnerability in Asustor ADM EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. | 10.0 |
| 2023-05-31 | CVE-2023-2435 | Path Traversal vulnerability in Blog-In-Blog Project Blog-In-Blog 1.1.1 The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. | 7.2 |