Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-26 | CVE-2022-21192 | Path Traversal vulnerability in Serve-Lite Project Serve-Lite. All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join(). | 7.5 |
2023-01-26 | CVE-2022-25882 | Path Traversal vulnerability in Linuxfoundation Onnx. Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd" | 7.5 |
2023-01-26 | CVE-2022-29844 | Path Traversal vulnerability in Westerndigital products. A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. | 9.8 |
2023-01-26 | CVE-2022-31706 | Path Traversal vulnerability in VMWare Vrealize LOG Insight. The vRealize Log Insight contains a Directory Traversal Vulnerability. | 9.8 |
2023-01-23 | CVE-2022-46639 | Path Traversal vulnerability in Correos 1.7.0/1.7.8. A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal. | 7.5 |
2023-01-23 | CVE-2022-46959 | Path Traversal vulnerability in Sonic Project Sonic 1.0.4. An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal. | 4.3 |
2023-01-23 | CVE-2023-23314 | Path Traversal vulnerability in Zdir Project Zdir 3.2.0. An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file. | 8.8 |
2023-01-20 | CVE-2023-22726 | Path Traversal vulnerability in ACT Project ACT. act is a project which allows for local running of github actions. | 8.8 |
2023-01-20 | CVE-2022-47747 | Path Traversal vulnerability in Uber Kraken. kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs. | 7.5 |
2023-01-20 | CVE-2021-37500 | Path Traversal vulnerability in Reprisesoftware Reprise License Manager. Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file on the server. | 8.1 |