Skip to main content

CWE-26

Path Traversal: '/dir/../filename'

11 CVEs Avg CVSS 7.1 MITRE
1
CRITICAL
5
HIGH
5
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-46747 MEDIUM CISA This Month

Path traversal in Siemens SINEC INS versions prior to V1.0 SP2 Update 6 exposes arbitrary file system locations via the SFTP directory listing endpoint. An authenticated low-privileged network attacker can send a crafted path to GET /api/sftp/uploadFiles to read files outside the intended directory scope, resulting in unauthorized disclosure of file system contents. No active exploitation or public proof-of-concept has been identified at time of analysis; the impact is limited to confidentiality with no integrity or availability consequence.

Path Traversal Sinec Ins
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2022-45133 MEDIUM This Month

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mahara
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-5866 MEDIUM This Month

Vulnerability in Delinea Centrify PAS v. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Privileged Access Service
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-5865 MEDIUM This Month

Vulnerability in Delinea Centrify PAS v. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Privileged Access Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-28064 CRITICAL Act Now

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29466 HIGH This Week

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Java
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-31551 HIGH This Week

Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Cmseasy
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20345 MEDIUM This Month

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cisco Information Disclosure Path Traversal Appdynamics Controller
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2024-25466 npm HIGH PATCH This Week

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Google Document Picker
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-42021 HIGH PATCH This Week

A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Siveillance Video Management Software 2019 R1 Siveillance Video Management Software 2019 R2 Siveillance Video Management Software 2019 R3 Siveillance Video Management Software 2020 R1 +1
NVD
CVSS 3.1
7.5
EPSS
1.7%
EPSS 0% CVSS 5.3
MEDIUM This Month

Path traversal in Siemens SINEC INS versions prior to V1.0 SP2 Update 6 exposes arbitrary file system locations via the SFTP directory listing endpoint. An authenticated low-privileged network attacker can send a crafted path to GET /api/sftp/uploadFiles to read files outside the intended directory scope, resulting in unauthorized disclosure of file system contents. No active exploitation or public proof-of-concept has been identified at time of analysis; the impact is limited to confidentiality with no integrity or availability consequence.

Path Traversal Sinec Ins
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mahara
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Vulnerability in Delinea Centrify PAS v. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Privileged Access Service
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Vulnerability in Delinea Centrify PAS v. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Privileged Access Service
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Java
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Cmseasy
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cisco Information Disclosure +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Google +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Siveillance Video Management Software 2019 R1 Siveillance Video Management Software 2019 R2 +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy