Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-28 | CVE-2023-31483 | Path Traversal vulnerability in Cauldrondevelopment Cbang tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive. | 7.5 |
| 2023-04-27 | CVE-2023-30380 | Path Traversal vulnerability in Dedecms 5.7.107 An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. | 7.5 |
| 2023-04-27 | CVE-2023-30852 | Path Traversal vulnerability in Pimcore Pimcore is an open source data and experience management platform. | 4.9 |
| 2023-04-26 | CVE-2023-30265 | Path Traversal vulnerability in Cltphp 6.0 CLTPHP <=6.0 is vulnerable to Directory Traversal. | 6.5 |
| 2023-04-26 | CVE-2023-2273 | Path Traversal vulnerability in Rapid7 Insight Agent Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. | 7.5 |
| 2023-04-25 | CVE-2023-23838 | Path Traversal vulnerability in Solarwinds Database Performance Analyzer Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | 6.5 |
| 2023-04-25 | CVE-2023-29200 | Path Traversal vulnerability in Contao Contao is an open source content management system. | 6.5 |
| 2023-04-25 | CVE-2023-27105 | Path Traversal vulnerability in Shanling Eddict Player and Mtouch OS A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal. | 9.8 |
| 2023-04-24 | CVE-2023-22914 | Path Traversal vulnerability in Zyxel products A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled. | 7.2 |
| 2023-04-24 | CVE-2022-48476 | Path Traversal vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible | 7.5 |