Total
7176 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0436 | 1 Gruntjs | 1 Grunt | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. | |||||
| CVE-2022-0401 | 1 W-zip Project | 1 W-zip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Path Traversal in NPM w-zip prior to 1.0.12. | |||||
| CVE-2022-0369 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227. | |||||
| CVE-2022-0320 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE techniques. | |||||
| CVE-2022-0223 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2024-11-21 | N/A | 6.5 MEDIUM |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) | |||||
| CVE-2022-0072 | 1 Litespeedtech | 1 Openlitespeed | 2024-11-21 | N/A | 5.8 MEDIUM |
| Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1 | |||||
| CVE-2021-46897 | 1 Wagtailcrx | 1 Codered Extensions | 2024-11-21 | N/A | 6.5 MEDIUM |
| views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media. | |||||
| CVE-2021-46830 | 1 Helpsystems | 1 Goanywhere Managed File Transfer | 2024-11-21 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. | |||||
| CVE-2021-46421 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | |||||
| CVE-2021-46420 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | |||||
| CVE-2021-46417 | 1 Franklinfueling | 2 Colibri, Colibri Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580. | |||||
| CVE-2021-46381 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | |||||
| CVE-2021-46203 | 1 Taogogo | 1 Taocms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. | |||||
| CVE-2021-46104 | 1 Webp | 1 Webp Server Go | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server. | |||||
| CVE-2021-45967 | 2 Igniterealtime, Pascom | 2 Openfire, Cloud Phone System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints. | |||||
| CVE-2021-45887 | 1 Ponton | 1 X\/p Messenger | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI. | |||||
| CVE-2021-45783 | 1 Bookeen | 2 Notea, Notea Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information. | |||||
| CVE-2021-45746 | 1 Webank | 1 Wecube | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java. | |||||
| CVE-2021-45712 | 1 Rust-embed Project | 1 Rust-embed | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode. | |||||
| CVE-2021-45452 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | |||||