Total: 5025 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-3733 | 1 Crud-file-server Project | 1 Crud-file-server | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3710 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2023-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component, resulting in remote code execution. | |||||
CVE-2018-3787 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. | |||||
CVE-2018-3770 | 1 Markdown-pdf Project | 1 Markdown-pdf | 2023-02-28 | 2.1 LOW | 5.5 MEDIUM |
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert malicious HTML code that can result in reading local files. | |||||
CVE-2018-3766 | 1 Buttle Project | 1 Buttle | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Path traversal in buttle module versions <= 0.2.0 allows reading any file on the server. | |||||
CVE-2018-3732 | 1 Resolve-path Project | 1 Resolve-path | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3729 | 1 Localhost-now Project | 1 Localhost-now | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3727 | 1 626 Project | 1 626 | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | |||||
CVE-2022-29804 | 2 Golang, Microsoft | 2 Go, Windows | 2023-02-28 | N/A | 7.5 HIGH |
Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. | |||||
CVE-2022-41335 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiswitchmanager | 2023-02-27 | N/A | 8.1 HIGH |
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests. | |||||
CVE-2022-33892 | 1 Intel | 1 Quartus Prime | 2023-02-27 | N/A | 7.8 HIGH |
Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-22380 | 1 Github | 1 Enterprise Server | 2023-02-27 | N/A | 6.5 MEDIUM |
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.6. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
CVE-2019-11557 | 1 Web-dorado | 1 Wp Form Builder | 2023-02-27 | 6.8 MEDIUM | 8.8 HIGH |
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | |||||
CVE-2019-11591 | 1 Web-dorado | 1 Contact Form | 2023-02-27 | 6.8 MEDIUM | 8.8 HIGH |
The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | |||||
CVE-2022-44299 | 1 Sscms | 1 Siteserver Cms | 2023-02-24 | N/A | 4.9 MEDIUM |
SiteServerCMS 7.1.3 sscms has a file read vulnerability. | |||||
CVE-2022-30299 | 1 Fortinet | 1 Fortiweb | 2023-02-24 | N/A | 4.3 MEDIUM |
A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests. | |||||
CVE-2022-30300 | 1 Fortinet | 1 Fortiweb | 2023-02-24 | N/A | 6.5 MEDIUM |
A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests. | |||||
CVE-2022-31836 | 1 Beego | 1 Beego | 2023-02-24 | 7.5 HIGH | 9.8 CRITICAL |
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values, which can lead to cross-directory risk. | |||||
CVE-2019-14206 | 1 Nevma | 1 Adaptive Images | 2023-02-24 | 6.4 MEDIUM | 7.5 HIGH |
An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php. | |||||
CVE-2019-15323 | 1 Ad Inserter Project | 1 Ad Inserter | 2023-02-24 | 5.0 MEDIUM | 7.5 HIGH |
The ad-inserter plugin before 2.4.20 for WordPress has path traversal. |