Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-28 | CVE-2022-40082 | Path Traversal vulnerability in Cloudwego Hertz 0.3.0 Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function. | 7.5 |
| 2022-09-27 | CVE-2022-40199 | Path Traversal vulnerability in Ec-Cube Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information. | 2.7 |
| 2022-09-26 | CVE-2022-41352 | Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. | 9.8 |
| 2022-09-22 | CVE-2022-34026 | Path Traversal vulnerability in Icecoder 8.1 ICEcoder v8.1 allows attackers to execute a directory traversal. | 7.5 |
| 2022-09-22 | CVE-2022-40443 | Path Traversal vulnerability in Zzcms 2022 An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. | 5.3 |
| 2022-09-22 | CVE-2022-40444 | Path Traversal vulnerability in Zzcms 2022 ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. | 5.3 |
| 2022-09-22 | CVE-2022-28981 | Path Traversal vulnerability in Liferay Portal 7.4.0/7.4.1/7.4.2 Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter. | 7.5 |
| 2022-09-21 | CVE-2022-29799 | Path Traversal vulnerability in Microsoft Windows Defender for Endpoint A vulnerability was found in networkd-dispatcher. | 5.5 |
| 2022-09-21 | CVE-2022-41231 | Path Traversal vulnerability in Jenkins Build-Publisher Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint. | 5.7 |
| 2022-09-20 | CVE-2022-38340 | Path Traversal vulnerability in Safe FME Server Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload. | 7.2 |