Total: 6549 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1264 | 1 Inductiveautomation | 1 Ignition | 2024-11-21 | N/A | 6.8 MEDIUM |
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code. | |||||
CVE-2022-1166 | 1 Nootheme | 1 Jobmonster | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen. | |||||
CVE-2022-1128 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page. | |||||
CVE-2022-1119 | 1 Simplefilelist | 1 Simple-file-list | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls, which makes it possible for unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7. | |||||
CVE-2022-1000 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. | |||||
CVE-2022-0959 | 1 Postgresql | 1 Pgadmin 4 | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. | |||||
CVE-2022-0902 | 1 Abb | 14 Rmc-100, Rmc-100-lite, Rmc-100-lite Firmware and 11 more | 2024-11-21 | N/A | 8.1 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') and Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) could allow an attacker who successfully exploits this vulnerability to insert and run arbitrary code in an affected system node. | |||||
CVE-2022-0779 | 1 User-meta | 1 User Meta User Profile Builder And User Management | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscribers to enumerate the local files on the web server via path traversal payloads. | |||||
CVE-2022-0679 | 1 Narnoo Distributor Project | 1 Narnoo Distributor | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users), which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks, but that depends on the underlying system and its configuration. | |||||
CVE-2022-0673 | 1 Eclipse | 1 Lemminx | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal. | |||||
CVE-2022-0665 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2. | |||||
CVE-2022-0493 | 1 String Locator Project | 1 String Locator | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed. | |||||
CVE-2022-0436 | 1 Gruntjs | 1 Grunt | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. | |||||
CVE-2022-0401 | 1 W-zip Project | 1 W-zip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Path Traversal in NPM w-zip prior to 1.0.12. | |||||
CVE-2022-0369 | | | 2024-11-21 | N/A | 7.2 HIGH |
Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227. | |||||
CVE-2022-0320 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before using them in include statements, which could allow unauthenticated attackers to perform a Local File Inclusion attack and read arbitrary files on the server; this could also lead to RCE via user uploaded files or other LFI to RCE techniques. | |||||
CVE-2022-0223 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2024-11-21 | N/A | 6.5 MEDIUM |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) | |||||
CVE-2022-0072 | 1 Litespeedtech | 1 Openlitespeed | 2024-11-21 | N/A | 5.8 MEDIUM |
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1 | |||||
CVE-2021-46897 | 1 Wagtailcrx | 1 Codered Extensions | 2024-11-21 | N/A | 6.5 MEDIUM |
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media. | |||||
CVE-2021-46856 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||