Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-08 | CVE-2022-4123 | Path Traversal vulnerability in multiple products A flaw was found in Buildah. | 3.3 |
| 2022-12-07 | CVE-2020-36565 | Path Traversal vulnerability in Labstack Echo Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. | 5.3 |
| 2022-12-07 | CVE-2022-41720 | Path Traversal vulnerability in Golang GO On Windows, restricted files can be accessed via os.DirFS and http.Dir. | 7.5 |
| 2022-12-07 | CVE-2022-44942 | Path Traversal vulnerability in Casbin Casdoor Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. | 8.1 |
| 2022-12-06 | CVE-2022-44900 | Path Traversal vulnerability in Py7Zr Project Py7Zr A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file. | 9.1 |
| 2022-12-06 | CVE-2022-23470 | Path Traversal vulnerability in Galaxyproject Galaxy 22.01/22.01.1/22.05 Galaxy is an open-source platform for data analysis. | 7.5 |
| 2022-12-05 | CVE-2022-42706 | Path Traversal vulnerability in Sangoma Asterisk and Certified Asterisk An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. | 4.9 |
| 2022-12-01 | CVE-2022-29837 | Path Traversal vulnerability in Westerndigital products A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. | 7.8 |
| 2022-11-29 | CVE-2022-3361 | Path Traversal vulnerability in Ultimatemember Ultimate Member The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. | 4.3 |
| 2022-11-29 | CVE-2022-4030 | Path Traversal vulnerability in Simple-Press Simple:Press The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. | 8.1 |