Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
relative vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-38346
An issue exists in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the func...
Windriver Vxworks 6.9
Windriver Vxworks 7.0
8.8
CVSSv3
CVE-2023-27533
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an malicious user to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an ma...
Haxx Curl
Fedoraproject Fedora 36
Netapp Active Iq Unified Manager -
Netapp Clustered Data Ontap 9.0
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
8.8
CVSSv3
CVE-2023-27534
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's h...
Haxx Curl
Fedoraproject Fedora 36
Netapp Active Iq Unified Manager -
Broadcom Brocade Fabric Operating System Firmware -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
8.8
CVSSv3
CVE-2023-1044
A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotel...
Muyucms Muyucms 2.2
8.8
CVSSv3
CVE-2022-26889
In Splunk Enterprise versions prior to 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an malicious user to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for...
Splunk Splunk
8.8
CVSSv3
CVE-2020-25150
A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and previous versions, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an...
Bbraun Datamodule Compactplus A10
Bbraun Datamodule Compactplus A11
Bbraun Spacecom
8.8
CVSSv3
CVE-2020-25617
An issue exists in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root.
Solarwinds N-central 12.3.0.670
8.8
CVSSv3
CVE-2020-12026
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.
Advantech Webaccess
Advantech Webaccess 9.0.0
8.8
CVSSv3
CVE-2020-11498
Slack Nebula up to and including 1.1.0 contains a relative path vulnerability that allows a low-privileged malicious user to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's o...
Slack Nebula
8.8
CVSSv3
CVE-2020-6418
Type confusion in V8 in Google Chrome before 80.0.3987.122 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
4 Github repositories
2 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »