Vulnerabilities (CVE)

Filtered by CWE-22
Total 5025 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-26256 1 Stagil 1 Stagil Navigation 2023-03-07 N/A 7.5 HIGH
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.
CVE-2023-26255 1 Stagil 1 Stagil Navigation 2023-03-07 N/A 7.5 HIGH
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.
CVE-2023-25265 1 Docmosis 1 Tornado 2023-03-07 N/A 7.5 HIGH
Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system.
CVE-2023-20943 1 Google 1 Android 2023-03-06 N/A 7.8 HIGH
In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-240267890
CVE-2023-1009 1 Draytek 2 Vigor2960, Vigor2960 Firmware 2023-03-06 N/A 5.5 MEDIUM
A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability.
CVE-2023-26758 1 Smeup 1 Erp 2023-03-03 N/A 7.5 HIGH
Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerability via the component /ResourceService.
CVE-2023-22776 1 Arubanetworks 24 7010, 7030, 7205 and 21 more 2023-03-03 N/A 4.9 MEDIUM
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
CVE-2023-22774 1 Arubanetworks 24 7010, 7030, 7205 and 21 more 2023-03-03 N/A 6.5 MEDIUM
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files in the underlying operating system.
CVE-2023-22773 1 Arubanetworks 24 7010, 7030, 7205 and 21 more 2023-03-03 N/A 6.5 MEDIUM
Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files in the underlying operating system.
CVE-2022-35861 1 Pyenv 1 Pyenv 2023-03-03 4.6 MEDIUM 7.8 HIGH
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.)
CVE-2019-14418 1 Veritas 1 Resiliency Platform 2023-03-03 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine.
CVE-2022-48285 1 Jszip Project 1 Jszip 2023-03-03 N/A 7.3 HIGH
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
CVE-2022-32190 1 Golang 1 Go 2023-03-03 N/A 7.5 HIGH
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.
CVE-2023-25579 1 Nextcloud 1 Nextcloud Server 2023-03-03 N/A 7.5 HIGH
Nextcloud server is a self-hosted home cloud product. In affected versions the `OC\Files\Node\Folder::getFullPath()` function was validating and normalizing the string in the wrong order. The function is used in the `newFile()` and `newFolder()` items, which may allow the creation of paths outside of one's own space and overwriting data from other users with crafted paths. This issue has been addressed in versions 25.0.2, 24.0.8, and 23.0.12. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-23063 1 Cellinx 1 Nvt Web Server 2023-03-03 N/A 7.5 HIGH
Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure.
CVE-2023-1044 1 Muyucms 1 Muyucms 2023-03-02 N/A 8.8 HIGH
A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221803.
CVE-2023-1043 1 Muyucms 1 Muyucms 2023-03-02 N/A 4.3 MEDIUM
A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability.
CVE-2023-1045 1 Muyucms 1 Muyucms 2023-03-02 N/A 8.1 HIGH
A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221804.
CVE-2023-0104 1 Weintek 1 Easybuilder Pro 2023-03-02 N/A 7.8 HIGH
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data.
CVE-2023-22973 1 Open-emr 1 Openemr 2023-03-02 N/A 8.8 HIGH
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.