Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-02 | CVE-2024-20449 | Path Traversal vulnerability in Cisco Nexus Dashboard Fabric Controller A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. | 8.8 |
| 2024-10-01 | CVE-2024-9224 | Path Traversal vulnerability in Kau-Boys Hello World The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. | 6.5 |
| 2024-09-27 | CVE-2024-9301 | Path Traversal vulnerability in Netflix E2Nest A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a | 7.5 |
| 2024-09-27 | CVE-2024-7149 | Path Traversal vulnerability in Themewinter Eventin The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. | 8.8 |
| 2024-09-27 | CVE-2024-47292 | Path Traversal vulnerability in Huawei Emui and Harmonyos Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.5 |
| 2024-09-26 | CVE-2024-47170 | Path Traversal vulnerability in Agnai Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. | 4.3 |
| 2024-09-26 | CVE-2024-47171 | Path Traversal vulnerability in Agnai Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. | 4.3 |
| 2024-09-26 | CVE-2024-8704 | Path Traversal vulnerability in Advancedfilemanager Advanced File Manager The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. | 7.2 |
| 2024-09-25 | CVE-2024-8941 | Path Traversal vulnerability in Scriptcase 9.4.019 Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via a “/...” or directly into a path used in the POST parameter “field_file” by a web application. | 5.3 |
| 2024-09-24 | CVE-2024-8671 | Path Traversal vulnerability in Exthemes Wooevents The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. | 9.1 |