Skip to main content

CWE-27

Path Traversal: 'dir/../../filename'

17 CVEs Avg CVSS 7.1 MITRE
1
CRITICAL
7
HIGH
9
MEDIUM
0
LOW
4
POC
0
KEV

Monthly

CVE-2026-20018 MEDIUM This Month

Unauthenticated remote attackers with admin credentials can exploit insufficient path validation in Cisco Secure Firewall Management Center and Threat Defense sftunnel functionality to write arbitrary files with root privileges on the underlying operating system. By crafting malicious directory paths during file synchronization, an attacker could create or overwrite critical system files. No patch is currently available for this vulnerability.

Cisco
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-66518 Maven HIGH PATCH This Week

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. [CVSS 8.8 HIGH]

Apache Kyuubi
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-10438 HIGH This Week

Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-58761 HIGH POC PATCH This Week

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Tautulli
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-52237 MEDIUM This Month

An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sscms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-43658 HIGH This Month

Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files Likelihood: High, but requires authentication Impact: Critical - The. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.2
EPSS
0.2%
CVE-2024-7458 MEDIUM POC This Month

A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Eladmin
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.8%
CVE-2024-24809 HIGH POC THREAT Act Now

Traccar is an open source GPS tracking system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal XSS File Upload
NVD GitHub
CVSS 3.1
8.5
EPSS
54.4%
CVE-2024-20348 HIGH This Week

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-25828 MEDIUM POC This Month

cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cmseasy
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
EPSS 0% CVSS 5.9
MEDIUM This Month

Unauthenticated remote attackers with admin credentials can exploit insufficient path validation in Cisco Secure Firewall Management Center and Threat Defense sftunnel functionality to write arbitrary files with root privileges on the underlying operating system. By crafting malicious directory paths during file synchronization, an attacker could create or overwrite critical system files. No patch is currently available for this vulnerability.

Cisco
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. [CVSS 8.8 HIGH]

Apache Kyuubi
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Tautulli
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sscms
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Month

Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files Likelihood: High, but requires authentication Impact: Critical - The. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 1% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Eladmin
NVD GitHub VulDB
EPSS 54% CVSS 8.5
HIGH POC THREAT Act Now

Traccar is an open source GPS tracking system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal XSS File Upload
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller
NVD
EPSS 1% CVSS 4.9
MEDIUM POC This Month

cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cmseasy
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy