Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-26 | CVE-2022-46945 | Path Traversal vulnerability in Nagvis Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. | 6.5 |
| 2023-05-26 | CVE-2023-28382 | Path Traversal vulnerability in Et-X ESS REC Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. | 8.1 |
| 2023-05-25 | CVE-2023-26215 | Path Traversal vulnerability in Tibco EBX Add-Ons The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. | 6.5 |
| 2023-05-25 | CVE-2023-26216 | Path Traversal vulnerability in Tibco EBX Add-Ons The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. | 7.2 |
| 2023-05-25 | CVE-2023-31861 | Path Traversal vulnerability in Zlmediakit 4.0 ZLMediaKit 4.0 is vulnerable to Directory Traversal. | 7.5 |
| 2023-05-23 | CVE-2023-27507 | Path Traversal vulnerability in Microengine Mailform MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. | 9.8 |
| 2023-05-23 | CVE-2023-28408 | Path Traversal vulnerability in MW WP Form Project MW WP Form 4.4.2 Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings. | 9.8 |
| 2023-05-23 | CVE-2023-28413 | Path Traversal vulnerability in Snow Monkey Forms Project Snow Monkey Forms 5.0.6 Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition. | 9.8 |
| 2023-05-23 | CVE-2020-20012 | Path Traversal vulnerability in Sudytech Webplus PRO 1.4.7.8.401 WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control. | 9.8 |
| 2023-05-22 | CVE-2023-27067 | Path Traversal vulnerability in Sitecore Experience Platform Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx | 7.5 |