Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-24 | CVE-2023-31059 | Path Traversal vulnerability in Repetier-Server Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. | 7.5 |
| 2023-04-22 | CVE-2023-25508 | Path Traversal vulnerability in Nvidia BMC NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. | 7.8 |
| 2023-04-21 | CVE-2023-26101 | Path Traversal vulnerability in Progress Flowmon Packet Investigator 12.0.1 In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem. | 7.5 |
| 2023-04-20 | CVE-2023-28458 | Path Traversal vulnerability in Pretalx pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). | 4.3 |
| 2023-04-20 | CVE-2023-28459 | Path Traversal vulnerability in Pretalx pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). | 6.5 |
| 2023-04-19 | CVE-2023-21093 | Path Traversal vulnerability in Google Android In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. | 7.8 |
| 2023-04-18 | CVE-2023-29887 | Path Traversal vulnerability in Nuovo Spreadsheet-Reader 0.5.11 A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. | 7.5 |
| 2023-04-16 | CVE-2022-34126 | Path Traversal vulnerability in Glpi-Project Activity The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter. | 7.5 |
| 2023-04-16 | CVE-2022-34127 | Path Traversal vulnerability in Glpi-Project Manageentities The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter. | 7.5 |
| 2023-04-14 | CVE-2023-26559 | Path Traversal vulnerability in Sync Oxygen Content Fusion and Oxygen XML web Author A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. | 5.3 |