Weaknesses of type CWE-22

4,653 results

CVE-2019-11510CRITICALIn Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attackEPSS 100.0%KEV CVE-2022-29464CRITICALCertain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint withEPSS 100.0%KEV CVE-2020-5902CRITICALIn BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User InteEPSS 100.0%KEV CVE-2019-19781CRITICALAn issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory TEPSS 100.0%KEV CVE-2021-22005CRITICALThe vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 4EPSS 100.0%KEV CVE-2021-26086MEDIUMAffected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerabilitEPSS 100.0%KEV CVE-2018-13379CRITICALAn Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4EPSS 100.0%KEV CVE-2023-32315HIGHOpenfire administration console authentication bypassEPSS 100.0%KEV CVE-2021-41773HIGHPath traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49EPSS 100.0%KEV CVE-2021-20090CRITICALA path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= EPSS 100.0%KEV CVE-2021-42013CRITICALPath Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)EPSS 100.0%KEV CVE-2021-27065HIGHMicrosoft Exchange Server Remote Code Execution VulnerabilityEPSS 99.9%KEV CVE-2019-3396CRITICALThe Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.1EPSS 99.9%KEV CVE-2010-2861CRITICALMultiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to reEPSS 99.7%KEV CVE-2024-28995HIGHSolarWinds Serv-U L Directory Transversal VulnerabilityEPSS 99.6%KEV CVE-2021-21972CRITICALThe vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access EPSS 99.6%KEV CVE-2024-32113CRITICALApache OFBiz: Path traversal leading to RCEEPSS 99.4%KEV CVE-2024-4885CRITICALWhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution VulnerabilityEPSS 99.3%KEV CVE-2019-16278CRITICALDirectory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a cEPSS 99.1%KEV CVE-2022-30333HIGHRARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstEPSS 99.0%KEV

← previouspage 1 / 233next →