Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2926 | 1 Adobe | 1 Download Manager | 2024-11-21 | N/A | 4.9 MEDIUM |
| The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory | |||||
| CVE-2022-2922 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | N/A | 4.9 MEDIUM |
| Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | |||||
| CVE-2022-2893 | 1 Ronds | 1 Equipment Predictive Maintenance | 2024-11-21 | N/A | 8.2 HIGH |
| RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files. | |||||
| CVE-2022-2863 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2024-11-21 | N/A | 4.9 MEDIUM |
| The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack | |||||
| CVE-2022-2788 | 1 Emerson | 1 Electric\'s Proficy | 2024-11-21 | N/A | 3.9 LOW |
| Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code. | |||||
| CVE-2022-2712 | 1 Eclipse | 1 Glassfish | 2024-11-21 | N/A | 6.5 MEDIUM |
| In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code. | |||||
| CVE-2022-2711 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | N/A | 7.2 HIGH |
| The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. | |||||
| CVE-2022-2653 | 1 Planka | 1 Planka | 2024-11-21 | N/A | 6.5 MEDIUM |
| With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system. | |||||
| CVE-2022-2557 | 1 Radiustheme | 1 Team - Wordpress Team Members Showcase | 2024-11-21 | N/A | 8.8 HIGH |
| The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user | |||||
| CVE-2022-2554 | 1 Shortpixel | 1 Enable Media Replace | 2024-11-21 | N/A | 4.9 MEDIUM |
| The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example | |||||
| CVE-2022-2531 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability. | |||||
| CVE-2022-2464 | 1 Rockwellautomation | 1 Isagraf Workbench | 2024-11-21 | N/A | 7.7 HIGH |
| Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful. | |||||
| CVE-2022-2463 | 1 Rockwellautomation | 1 Isagraf Workbench | 2024-11-21 | N/A | 6.1 MEDIUM |
| Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. | |||||
| CVE-2022-2265 | 1 Identity And Directory Management System Project | 1 Identity And Directory Management System | 2024-11-21 | N/A | 7.5 HIGH |
| The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25 | |||||
| CVE-2022-2261 | 1 Xplodedthemes | 1 Wpide | 2024-11-21 | N/A | 7.2 HIGH |
| The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue. | |||||
| CVE-2022-2184 | 1 Wpwhitesecurity | 1 Captcha 4wp | 2024-11-21 | N/A | 8.8 HIGH |
| The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server. | |||||
| CVE-2022-2139 | 1 Advantech | 1 Iview | 2024-11-21 | N/A | 6.5 MEDIUM |
| The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. | |||||
| CVE-2022-2120 | 1 Offis | 1 Dcmtk | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | |||||
| CVE-2022-2119 | 1 Offis | 1 Dcmtk | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | |||||
| CVE-2022-2106 | 1 Smartics | 1 Smartics | 2024-11-21 | 4.0 MEDIUM | 3.8 LOW |
| Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. | |||||