CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2010-2861	High	94.3%	AdobeColdFusion	A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.	Mar 25, 2022	KEV
CVE-2020-1631	High	5.4%	JuniperJunos OS	A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.	Mar 25, 2022	KEV
CVE-2013-0629	High	84.0%	AdobeColdFusion	Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.	Mar 7, 2022	KEV
CVE-2018-20250	High	93.5%	RARLABWinRAR	WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution	Feb 15, 2022	KEV
CVE-2020-14864	High	94.0%	OracleIntelligence Enterprise Edition	Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.	Jan 18, 2022	KEV
CVE-2021-40870	High	94.2%	AviatrixAviatrix Controller	Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.	Jan 18, 2022	KEV
CVE-2018-14847	High	92.8%	MikroTikRouterOS	MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.	Dec 1, 2021	KEV
CVE-2020-3452	High	94.5%	CiscoAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)	Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.	Nov 3, 2021	KEV
CVE-2020-4430	High	84.3%	IBMData Risk Manager	IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system.	Nov 3, 2021	KEV
CVE-2021-1879	High	0.8%	AppleiOS, iPadOS, and watchOS	Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.	Nov 3, 2021	KEV
CVE-2019-3398	High	93.9%	AtlassianConfluence Server and Data Center	Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution.	Nov 3, 2021	KEV
CVE-2021-20090	High	94.4%	ArcadyanBuffalo Firmware	Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors.	Nov 3, 2021	KEV
CVE-2016-3976	High	81.5%	SAPNetWeaver	SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.	Nov 3, 2021	KEV
CVE-2021-42013	High	94.4%	ApacheHTTP Server	Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for CVE-2021-41773.	Nov 3, 2021	KEV
CVE-2021-41773	High	94.4%	ApacheHTTP Server	Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013.	Nov 3, 2021	KEV
CVE-2019-3396	High 9.8	94.5%	AtlassianConfluence Server and Data Server	Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution.	Nov 3, 2021	KEVExploit
CVE-2019-18187	High	78.5%	Trend MicroOfficeScan	Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.	Nov 3, 2021	KEV
CVE-2018-13379	High 9.1	94.5%	fortinetFortiOS	Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.	Nov 3, 2021	KEV
CVE-2021-20023	High	48.6%	SonicWallSonicWall Email Security	SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.	Nov 3, 2021	KEV
CVE-2018-2380	High	45.5%	SAPCustomer Relationship Management (CRM)	SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.	Nov 3, 2021	KEV

CVE-2010-2861KEV

High

A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.

AdobeEPSS 94.3%

CVE-2020-1631KEV

High

A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.

JuniperEPSS 5.4%

CVE-2013-0629KEV

High

Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.

AdobeEPSS 84.0%

CVE-2018-20250KEV

High

WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution

RARLABEPSS 93.5%

CVE-2020-14864KEV

High

Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file.

OracleEPSS 94.0%

CVE-2021-40870KEV

High

Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

AviatrixEPSS 94.2%

CVE-2018-14847KEV

High

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

MikroTikEPSS 92.8%

CVE-2020-3452KEV

High

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.

CiscoEPSS 94.5%

CVE-2020-4430KEV

High

IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system.

IBMEPSS 84.3%

CVE-2021-1879KEV

High

Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

AppleEPSS 0.8%

CVE-2019-3398KEV

High

Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution.

AtlassianEPSS 93.9%

CVE-2021-20090KEV

High

Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors.

ArcadyanEPSS 94.4%

CVE-2016-3976KEV

High

SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.

SAPEPSS 81.5%

CVE-2021-42013KEV

High

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for CVE-2021-41773.

ApacheEPSS 94.4%

CVE-2021-41773KEV

High

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013.

ApacheEPSS 94.4%

CVE-2019-3396KEV

High

Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution.

AtlassianCVSS 9.8EPSS 94.5%

Exploit

CVE-2019-18187KEV

High

Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.

Trend MicroEPSS 78.5%

CVE-2018-13379KEV

High

Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.

fortinetCVSS 9.1EPSS 94.5%

CVE-2021-20023KEV

High

SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.

SonicWallEPSS 48.6%

CVE-2018-2380KEV

High

SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.

SAPEPSS 45.5%

1 2 3 4 5