Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28527 | 1 Dhcms Project | 1 Dhcms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. | |||||
| CVE-2022-28523 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. | |||||
| CVE-2022-28478 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system. | |||||
| CVE-2022-28451 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature. | |||||
| CVE-2022-28444 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| UCMS v1.6 was discovered to contain an arbitrary file read vulnerability. | |||||
| CVE-2022-28380 | 1 Rc-httpd Project | 1 Rc-httpd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used. | |||||
| CVE-2022-28357 | 1 Linuxfoundation | 1 Nats-server | 2024-11-21 | N/A | 9.8 CRITICAL |
| NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account. | |||||
| CVE-2022-28157 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. | |||||
| CVE-2022-28156 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. | |||||
| CVE-2022-28148 | 2 Jenkins, Microsoft | 2 Continuous Integration With Toad Edge, Windows | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. | |||||
| CVE-2022-28146 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. | |||||
| CVE-2022-28127 | 1 Robustel | 2 R1510, R1510 Firmware | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-28059 | 1 Verydows | 1 Verydows | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php. | |||||
| CVE-2022-28058 | 1 Verydows | 1 Verydows | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php. | |||||
| CVE-2022-28052 | 1 Roothub | 1 Roothub | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution. | |||||
| CVE-2022-27906 | 1 Mendelson | 1 Oftp2 | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory. | |||||
| CVE-2022-27844 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2024-11-21 | 5.0 MEDIUM | 2.7 LOW |
| Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 | |||||
| CVE-2022-27836 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access. | |||||
| CVE-2022-27657 | 1 Sap | 1 Focused Run | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0. | |||||
| CVE-2022-27615 | 1 Synology | 1 Dns Server | 2024-11-21 | N/A | 7.7 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors. | |||||