Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-30 | CVE-2023-27534 | Path Traversal vulnerability in multiple products A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. | 8.8 |
| 2023-03-30 | CVE-2023-28732 | Path Traversal vulnerability in Acymailing Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. | 7.5 |
| 2023-03-29 | CVE-2022-2560 | Path Traversal vulnerability in Enterprisedt Completeftp Server This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. | 9.1 |
| 2023-03-28 | CVE-2023-27700 | Path Traversal vulnerability in Muyucms Project Muyucms 2.2 MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /accessory/picdel.html. | 8.1 |
| 2023-03-27 | CVE-2022-48361 | Path Traversal vulnerability in Huawei Emui and Harmonyos The Always On Display (AOD) has a path traversal vulnerability in theme files. | 5.3 |
| 2023-03-27 | CVE-2023-0241 | Path Traversal vulnerability in Postgresql Pgadmin 4 pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. | 6.5 |
| 2023-03-27 | CVE-2023-0467 | Path Traversal vulnerability in Wppool WP Dark Mode The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. | 4.3 |
| 2023-03-27 | CVE-2023-1134 | Path Traversal vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. | 8.8 |
| 2023-03-27 | CVE-2023-1142 | Path Traversal vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation. | 9.8 |
| 2023-03-27 | CVE-2022-32199 | Path Traversal vulnerability in Scriptcase db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter. | 6.5 |