Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2023-04-25 CVE-2023-27105 Path Traversal vulnerability in Shanling Eddict Player and Mtouch OS
A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal.
network
low complexity
shanling CWE-22
critical
9.8
2023-04-24 CVE-2023-22914 Path Traversal vulnerability in Zyxel products
A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.
network
low complexity
zyxel CWE-22
7.2
2023-04-24 CVE-2022-48476 Path Traversal vulnerability in Jetbrains Ktor
In JetBrains Ktor before 2.3.0, path traversal in the `resolveResource` method was possible.
network
low complexity
jetbrains CWE-22
7.5
2023-04-24 CVE-2023-31059 Path Traversal vulnerability in Repetier-Server
Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.
network
low complexity
repetier-server CWE-22
7.5
2023-04-22 CVE-2023-25508 Path Traversal vulnerability in Nvidia BMC
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.
local
low complexity
nvidia CWE-22
7.8
2023-04-21 CVE-2023-26101 Path Traversal vulnerability in Progress Flowmon Packet Investigator 12.0.1
In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem.
network
low complexity
progress CWE-22
7.5
2023-04-20 CVE-2023-28458 Path Traversal vulnerability in Pretalx
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature).
network
low complexity
pretalx CWE-22
4.3
2023-04-20 CVE-2023-28459 Path Traversal vulnerability in Pretalx
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature).
network
low complexity
pretalx CWE-22
6.5
2023-04-19 CVE-2023-21093 Path Traversal vulnerability in Google Android
In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error.
local
low complexity
google CWE-22
7.8
2023-04-18 CVE-2023-29887 Path Traversal vulnerability in Nuovo Spreadsheet-Reader 0.5.11
A local file inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.
network
low complexity
nuovo CWE-22
7.5