Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-22 | CVE-2022-43858 | Path Traversal vulnerability in IBM I 7.3/7.4/7.5: IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. | 4.3 |
2022-12-21 | CVE-2022-36221 | Path Traversal vulnerability in Nokia Fastmile Firmware 3Tg00118Abad52: Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. | 6.5 |
2022-12-21 | CVE-2022-25895 | Path Traversal vulnerability in Lite-Dev-Server Project Lite-Dev-Server: All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. | 7.5 |
2022-12-20 | CVE-2021-46856 | Path Traversal vulnerability in Huawei Emui and Harmonyos: The multi-screen collaboration module has a path traversal vulnerability. | 7.5 |
2022-12-20 | CVE-2022-41591 | Path Traversal vulnerability in Huawei Emui and Harmonyos: The backup module has a path traversal vulnerability. | 7.5 |
2022-12-20 | CVE-2022-25931 | Path Traversal vulnerability in Easy-Static-Server Project Easy-Static-Server: All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. | 7.5 |
2022-12-19 | CVE-2022-40607 | Path Traversal vulnerability in IBM Spectrum Scale: IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. | 6.8 |
2022-12-19 | CVE-2022-41418 | Path Traversal vulnerability in Blogengine Blogengine.Net 3.3.8.0: An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. | 7.2 |
2022-12-19 | CVE-2022-4063 | Path Traversal vulnerability in Pluginus Inpost Gallery 2.1.4.1: The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. | 9.8 |
2022-12-17 | CVE-2022-23531 | Path Traversal vulnerability in Datadoghq Guarddog: GuardDog is a CLI tool to identify malicious PyPI packages. | 7.8 |