Total
7974 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36687 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2024-11-21 | 6.5 Medium |
| Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | ||||
| CVE-2022-36593 | 1 Keking | 1 Kkfileview | 2024-11-21 | 6.5 Medium |
| kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. | ||||
| CVE-2022-36261 | 1 Taogogo | 1 Taocms | 2024-11-21 | 9.1 Critical |
| An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt | ||||
| CVE-2022-36168 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 2.7 Low |
| A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: | ||||
| CVE-2022-35908 | 1 Cambiumnetworks | 1 Enterprise Wi-fi | 2024-11-21 | 8.8 High |
| Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. | ||||
| CVE-2022-35861 | 1 Pyenv | 1 Pyenv | 2024-11-21 | 7.8 High |
| pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.) | ||||
| CVE-2022-35650 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 7.5 High |
| The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. | ||||
| CVE-2022-35410 | 2 0xacab, Debian | 2 Mat2, Debian Linux | 2024-11-21 | 7.5 High |
| mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive. | ||||
| CVE-2022-35216 | 1 Omicard Edm Project | 1 Omicard Edm | 2024-11-21 | 7.5 High |
| OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. | ||||
| CVE-2022-35204 | 1 Vitejs | 1 Vite | 2024-11-21 | 4.3 Medium |
| Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service. | ||||
| CVE-2022-34836 | 1 Abb | 1 Zenon | 2024-11-21 | 5.9 Medium |
| Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc. | ||||
| CVE-2022-34762 | 1 Schneider-electric | 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more | 2024-11-21 | 5.9 Medium |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior) | ||||
| CVE-2022-34551 | 1 Sims Project | 1 Sims | 2024-11-21 | 6.5 Medium |
| Sims v1.0 was discovered to allow path traversal when downloading attachments. | ||||
| CVE-2022-34486 | 1 Pukiwiki | 1 Pukiwiki | 2024-11-21 | 7.2 High |
| Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors. | ||||
| CVE-2022-34429 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 6.5 Medium |
| Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | ||||
| CVE-2022-34378 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 5.5 Medium |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2022-34375 | 1 Dell | 1 Container Storage Modules | 2024-11-21 | 8.8 High |
| Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory. | ||||
| CVE-2022-34373 | 1 Dell | 1 Command \| Integration Suite For System Center | 2024-11-21 | 7.3 High |
| Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system. | ||||
| CVE-2022-34365 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 6.5 Medium |
| WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. | ||||
| CVE-2022-34179 | 1 Jenkins | 1 Embeddable Build Status | 2024-11-21 | 7.5 High |
| Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. | ||||