Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45921 | 1 Fusionauth | 1 Fusionauth | 2024-11-21 | 7.5 High |
| FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process. | ||||
| CVE-2022-45894 | 1 Planetestream | 1 Planet Estream | 2024-11-21 | 6.5 Medium |
| GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files. | ||||
| CVE-2022-45867 | 1 Mybb | 1 Mybb | 2024-11-21 | 7.2 High |
| MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution. | ||||
| CVE-2022-45866 | 2 Fedoraproject, Qpress Project | 2 Fedora, Qpress | 2024-11-21 | 5.3 Medium |
| qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file. | ||||
| CVE-2022-45852 | 2024-11-21 | 6.5 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5. | ||||
| CVE-2022-45792 | 1 Omron | 1 Sysmac Studio | 2024-11-21 | 7.8 High |
| Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. | ||||
| CVE-2022-45783 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 6.5 Medium |
| An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. | ||||
| CVE-2022-45447 | 1 Prestashop | 1 M4 Pdf | 2024-11-21 | 6.5 Medium |
| M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The âfâ parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists. | ||||
| CVE-2022-45381 | 2 Jenkins, Redhat | 2 Pipeline Utility Steps, Openshift | 2024-11-21 | 8.1 High |
| Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. | ||||
| CVE-2022-45374 | 2024-11-21 | 7.7 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4. | ||||
| CVE-2022-45368 | 2024-11-21 | 7.7 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal.This issue affects 1003 Mortgage Application: from n/a through 1.75. | ||||
| CVE-2022-45299 | 1 Webbrowser Project | 1 Webbrowser | 2024-11-21 | 9.8 Critical |
| An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL. | ||||
| CVE-2022-45290 | 1 Kbase Doc Project | 1 Kbase Doc | 2024-11-21 | 9.1 Critical |
| Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java. | ||||
| CVE-2022-45269 | 1 Gmaolinx | 1 Linx Sphere | 2024-11-21 | 7.5 High |
| A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files. | ||||
| CVE-2022-45184 | 1 Ironmansoftware | 1 Powershell Universal | 2024-11-21 | 7.2 High |
| The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7. | ||||
| CVE-2022-45093 | 1 Siemens | 1 Sinec Ins | 2024-11-21 | 8.5 High |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component. | ||||
| CVE-2022-45092 | 1 Siemens | 1 Sinec Ins | 2024-11-21 | 9.9 Critical |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component. | ||||
| CVE-2022-44942 | 1 Casbin | 1 Casdoor | 2024-11-21 | 8.1 High |
| Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. | ||||
| CVE-2022-44900 | 1 Py7zr Project | 1 Py7zr | 2024-11-21 | 9.1 Critical |
| A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file. | ||||
| CVE-2022-44749 | 1 Knime | 1 Knime Analytics Platform | 2024-11-21 | 5.5 Medium |
| A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It's not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is wrong because an error is being reported but only after the files have already been written. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the user. In all cases the attacker has to know the location of files on the user's system, though. | ||||