Total: 6542 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-45921 | 1 Fusionauth | 1 Fusionauth | 2024-08-03 | 7.5 High |
FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process. | ||||
CVE-2022-45866 | 2 Fedoraproject, Qpress Project | 2 Fedora, Qpress | 2024-08-03 | 5.3 Medium |
qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file. | ||||
CVE-2022-45852 | | | 2024-08-03 | 6.5 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal. This issue affects WP-FormAssembly: from n/a through 2.0.5. | ||||
CVE-2022-45894 | 1 Planetestream | 1 Planet Estream | 2024-08-03 | 6.5 Medium |
GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files. | ||||
CVE-2022-45833 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2024-08-03 | 6.8 Medium |
Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | ||||
CVE-2022-45867 | 1 Mybb | 1 Mybb | 2024-08-03 | 7.2 High |
MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authenticated users, with high privileges, to achieve local file inclusion and execution. | ||||
CVE-2022-45829 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2024-08-03 | 8.7 High |
Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress. | ||||
CVE-2022-45783 | 1 Dotcms | 1 Dotcms | 2024-08-03 | 6.5 Medium |
An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. | ||||
CVE-2022-45792 | 1 Omron | 1 Sysmac Studio | 2024-08-03 | 7.8 High |
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. | ||||
CVE-2022-45368 | | | 2024-08-03 | 7.7 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal. This issue affects 1003 Mortgage Application: from n/a through 1.75. | ||||
CVE-2022-45374 | | | 2024-08-03 | 7.7 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion. This issue affects YARPP: from n/a through 5.30.4. | ||||
CVE-2022-45381 | 2 Jenkins, Redhat | 2 Pipeline Utility Steps, Openshift | 2024-08-03 | 8.1 High |
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. | ||||
CVE-2022-45290 | 1 Kbase Doc Project | 1 Kbase Doc | 2024-08-03 | 9.1 Critical |
Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java. | ||||
CVE-2022-45269 | 1 Gmaolinx | 1 Linx Sphere | 2024-08-03 | 7.5 High |
A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files. | ||||
CVE-2022-45184 | 1 Ironmansoftware | 1 Powershell Universal | 2024-08-03 | 7.2 High |
The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7. | ||||
CVE-2022-45299 | 1 Webbrowser Project | 1 Webbrowser | 2024-08-03 | 9.8 Critical |
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL. | ||||
CVE-2022-45092 | 1 Siemens | 1 Sinec Ins | 2024-08-03 | 9.9 Critical |
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component. | ||||
CVE-2022-45093 | 1 Siemens | 1 Sinec Ins | 2024-08-03 | 8.5 High |
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component. | ||||
CVE-2022-44942 | 1 Casbin | 1 Casdoor | 2024-08-03 | 8.1 High |
Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. | ||||
CVE-2022-44900 | 1 Py7zr Project | 1 Py7zr | 2024-08-03 | 9.1 Critical |
A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file. |