Path Traversal
Monthly
A Path Traversal vulnerability (CWE-35) exists in the Aeroscroll Gallery WordPress plugin (versions through 1.0.12) that allows unauthenticated remote attackers to access arbitrary files on the server, potentially exposing sensitive configuration files, database credentials, and other confidential data. The vulnerability has a CVSS score of 7.5 (High) with network accessibility and no authentication required, making it a significant information disclosure risk for all installations of affected versions.
Path traversal vulnerability in Fastw3b LLC FW Gallery (versions through 8.0.0) that allows unauthenticated remote attackers to cause denial of service by manipulating file path parameters. The vulnerability has a high CVSS score of 8.6 due to its network accessibility and lack of authentication requirements, though impact is limited to availability rather than confidentiality or integrity. Specific KEV status, EPSS scores, and publicly available POC information cannot be confirmed from the provided data, warranting immediate vendor contact for patch availability and exploitation status.
A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service.
A privilege escalation vulnerability in A flaw (CVSS 7.8). High severity vulnerability requiring prompt remediation.
CVE-2025-4365 is an arbitrary file read vulnerability affecting Citrix NetScaler Console and NetScaler SDX (SVM) that allows unauthenticated remote attackers to read sensitive files from affected systems. The vulnerability has a CVSS score of 7.5 (high severity) with a network-accessible attack vector requiring no authentication or user interaction. While specific KEV and EPSS data were not provided in the intelligence sources, the combination of high CVSS, unauthenticated access, and file disclosure capability indicates this requires prompt remediation.
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommended to upgrade the affected component.
A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component.
A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The patch is named 7ba93a10000fb77ee01731478ef40551a27bd5b9. It is recommended to apply a patch to fix this issue.
Conda-build versions prior to 25.4.0 are vulnerable to path traversal (Tarslip) attacks that allow unauthenticated remote attackers to write arbitrary files outside intended extraction directories by crafting malicious tar archives with directory traversal sequences. This critical vulnerability (CVSS 9.8) affects all users and systems utilizing conda-build for package compilation, with potential for privilege escalation and code execution depending on target file locations and system permissions.
A path traversal vulnerability in Liferay Portal 7.0.0 (CVSS 9.8) that allows remote attackers. Critical severity with potential for significant impact on affected systems.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.
A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.
The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
The Image Resizer On The Fly WordPress plugin (versions ≤1.1) contains a critical arbitrary file deletion vulnerability in its 'delete' task that allows unauthenticated attackers to remove arbitrary files from the server. This vulnerability can facilitate remote code execution by deleting critical files such as wp-config.php, leading to complete WordPress installation compromise. With a CVSS score of 9.1 and a network-accessible attack vector requiring no user interaction or privileges, this represents a critical risk to all unpatched installations.
The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Critical directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 affecting the /script-api/scripts/ endpoint. An unauthenticated attacker can exploit this flaw over the network with no user interaction required to read and potentially write arbitrary files on the affected system, achieving high confidentiality and integrity impact. The vulnerability has a CVSS score of 9.1 (Critical) with a CVSS vector indicating network-based attack, low complexity, and no privilege requirements.
Directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 that allows unauthenticated remote attackers to read arbitrary files from the server via the openc3-api/tables endpoint. This high-severity issue (CVSS 7.5) enables confidentiality breaches without requiring authentication or user interaction, potentially exposing sensitive configuration files, credentials, and operational data managed by the COSMOS command and control system.
Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component.
Critical path traversal vulnerability in RICOH Streamline NX V3 PC Client (versions 3.5.0-3.242.0) that allows unauthenticated remote attackers to execute arbitrary code on affected systems by tampering with specific files used by the product. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this vulnerability poses immediate risk to organizations deploying vulnerable versions of the RICOH client software. KEV and EPSS status, POC availability, and active exploitation data are not yet available in public disclosures, but the severity profile (CVSS 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N) suggests high exploitability.
Directory traversal vulnerability in the recv_file method that permits authenticated attackers to write arbitrary files to the master cache directory, potentially leading to code execution or system compromise. The vulnerability affects products using vulnerable file reception mechanisms and carries a critical CVSS 9.6 score with network accessibility and low complexity. While specific KEV/EPSS data was not provided in the intelligence briefing, the combination of high CVSS, low attack complexity, and authenticated-but-common access vectors suggests elevated real-world risk.
File contents overwrite: the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.
Arbitrary directory creation or file deletion: in the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file that the Master's process has permissions to.
Directory traversal attack in minion file cache creation: the master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory.
Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.
A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24), Mendix Studio Pro 11 (All versions < V11.0.0), Mendix Studio Pro 8 (All versions < V8.18.35), Mendix Studio Pro 9 (All versions < V9.24.35). A zip path traversal vulnerability exists in the module installation process of Studio Pro. By crafting a malicious module and distributing it via (for example) the Mendix Marketplace, an attacker could write or modify arbitrary files in directories outside a developer’s project directory upon module installation.
Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows unauthenticated remote attackers to read arbitrary files and gain unauthorized access without user interaction. The CVSS 8.2 score reflects high confidentiality impact and low integrity impact, with network-based attack vector requiring no privileges or interaction. No KEV/CISA active exploitation data, EPSS score, or public POC is currently confirmed in available intelligence, but the unauthenticated remote nature and path traversal primitive warrant immediate patching.
Local privilege escalation vulnerability in IBM AIX 7.3 and IBM VIOS 4.1.1's Perl implementation that allows non-privileged local users to execute arbitrary code through improper pathname neutralization (path traversal). With a CVSS score of 8.4 and no authentication requirement, this represents a critical risk for AIX environments where local user access exists. The vulnerability's active exploitation status and proof-of-concept availability would significantly elevate real-world risk.
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.
In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.
In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.
Path traversal vulnerability in HPE Aruba Networking Private 5G Core APIs that allows authenticated users to iteratively navigate the filesystem and download sensitive system files. The vulnerability affects the Private 5G Core platform with a CVSS score of 7.7 (high severity) due to confidentiality impact across system boundaries. While requiring low-privilege authentication and network access, successful exploitation directly exposes protected system files containing sensitive configuration and credential data.
CVE-2025-40662 is an absolute path disclosure vulnerability in DM Corporative CMS that exposes sensitive filesystem information when an attacker requests non-existent files within the webroot/file directory. This high-severity information disclosure (CVSS 7.5) affects DM Corporative CMS users and allows unauthenticated remote attackers to enumerate and discover the absolute filesystem paths of the application, which typically precedes further exploitation. The vulnerability has not been confirmed as actively exploited in the wild (KEV status unknown from provided data), but represents a significant reconnaissance vector with minimal attack complexity.
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.
Path traversal vulnerability (CWE-22) in a web application that allows authenticated users with high privileges to write arbitrary files to the system by manipulating file paths. While the CVSS score of 7.2 indicates moderate-to-high severity with high impact to confidentiality, integrity, and availability, the requirement for authenticated high-privilege access (PR:H) significantly constrains real-world exploitability. Active exploitation status, public POC availability, and EPSS score are unknown from the provided data, limiting definitive risk prioritization.
SAP NetWeaver Visual Composer contains a directory traversal vulnerability (CWE-22) that allows high-privileged users to bypass path validation controls and read or modify arbitrary files on the system. The vulnerability affects SAP NetWeaver Visual Composer across supported versions and has a CVSS score of 7.6 due to high confidentiality impact and a network-accessible attack vector, though exploitation requires high privileges (PR:H). Exploitation likelihood and KEV/POC status cannot be confirmed from available data, but the high-privilege prerequisite significantly reduces real-world exploitability compared to what the base CVSS score suggests.
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as /etc/passwd, application secrets, or configuration files accessible to the web server (www-data). The vulnerability stems from the way the HAXCMS backend handles the location field in the site's outline. When a user sends a POST request to /system/api/saveOutline, the backend stores the provided location value directly into the site.json file associated with the site, without validating or sanitizing the input. Later the location parameter is interpreted by the CMS to resolve and load the content for a given node. If the location field contains a relative path like `../../../etc/passwd`, the application will attempt to read and render that file. Version 11.0.0 fixes the issue.
Path traversal vulnerability in Mikado-Themes Grill and Chow WordPress themes (versions through 1.6) that enables PHP Local File Inclusion (LFI) attacks. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary files on the affected server, potentially exposing sensitive configuration files, database credentials, and other confidential data. The high CVSS score of 8.1 reflects significant impact on confidentiality and integrity, though exploitation requires higher attack complexity.
A Path Traversal vulnerability in Mikado-Themes GrandPrix WordPress theme (versions through 1.6) allows unauthenticated remote attackers to perform PHP Local File Inclusion (LFI) attacks, potentially leading to arbitrary file reading, information disclosure, and remote code execution. The vulnerability has a CVSS score of 8.1 (High) with high impact on confidentiality, integrity, and availability; exploitation requires medium attack complexity but no user interaction or privileges. KEV status and active exploitation data were not provided, but the high CVSS and LFI nature suggest significant real-world risk if POC is publicly available.
A Path Traversal vulnerability in Mikado-Themes MediClinic through version 2.1 enables unauthenticated remote attackers to conduct PHP Local File Inclusion (LFI) attacks, potentially allowing arbitrary file reading and code execution. The CVSS 8.1 score reflects high impact across confidentiality, integrity, and availability, though attack complexity is listed as HIGH. No public confirmation of active KEV exploitation or PoC availability is documented in standard feeds, but the high CVSS and LFI vector suggest this should be treated as a credible priority vulnerability.
Path traversal vulnerability in ThimPress WP Pipes that allows unauthenticated remote attackers to access files outside restricted directories, potentially causing denial of service or information disclosure. Versions through 1.4.2 are affected. The vulnerability has a high CVSS score of 8.6 due to network accessibility and no authentication requirements, though the impact is limited to availability rather than confidentiality or integrity.
Path traversal vulnerability in Spice Blocks (a WordPress plugin by spicethemes) affecting versions through 2.0.7.2 that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability has a CVSS score of 7.5 (High) with network-based attack vector, no authentication required, and high confidentiality impact, making it a significant information disclosure risk for WordPress installations using this plugin.
A path traversal vulnerability (CWE-22) in Holest Engineering's Spreadsheet Price Changer for WooCommerce and WP E-commerce - Light plugin allows unauthenticated remote attackers to read arbitrary files from the server by manipulating file path parameters. The vulnerability affects all versions through 2.4.37 and has a CVSS score of 7.5, indicating high confidentiality impact with no authentication required. Real-world exploitability depends on confirmation of active exploitation status and proof-of-concept availability; the low attack complexity and network accessibility suggest this is a genuine, easily-exploitable threat to affected WordPress installations.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nanbu Welcart e-Commerce allows Path Traversal. This issue affects Welcart e-Commerce: from n/a through 2.11.13.
Path Traversal vulnerability enabling PHP Local File Inclusion (LFI) in Frenify Arlo through version 6.0.3. The vulnerability allows unauthenticated remote attackers to read arbitrary files from the server filesystem by manipulating path parameters, potentially exposing sensitive configuration files, source code, and credentials. With a CVSS score of 8.1 and network-accessible attack vector, this vulnerability poses significant risk to confidentiality and integrity; exploitation likelihood and active weaponization status cannot be confirmed from available data, but the straightforward nature of path traversal attacks suggests moderate-to-high real-world exploitation probability.
Path traversal vulnerability in WebGeniusLab Seofy Core (versions up to 1.4.5) that allows unauthenticated remote attackers to achieve PHP Local File Inclusion (LFI) with high complexity. The vulnerability enables attackers to read arbitrary files and potentially execute code on affected systems. No public indicators confirm active exploitation or KEV listing at this time, but the high CVSS score (8.1) and remote attack vector indicate significant risk requiring urgent patching.
Path traversal vulnerability in LambertGroup CLEVER versions up to 2.6 that allows unauthenticated remote attackers to read arbitrary files from the affected system with high confidentiality impact. The vulnerability requires no user interaction and can be exploited over the network, making it a critical exposure for organizations running vulnerable CLEVER instances. While CVSS 7.5 indicates significant risk, actual exploitation depends on KEV listing status and public POC availability, which should be verified against current threat intelligence feeds.
Path traversal vulnerability in Apptha Slider Gallery versions up to 2.5 that allows unauthenticated remote attackers to read arbitrary files from the affected server by manipulating pathname parameters. The vulnerability has a CVSS score of 7.5 (High) with network-based attack vector requiring no privileges or user interaction, enabling confidentiality compromise of sensitive server files. Current KEV and EPSS status information is not provided in available sources, but the ease of exploitation (AC:L) and absence of authentication requirements significantly elevate real-world risk.
A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Directory traversal vulnerability in Allegra's extractFileFromZip method that allows authenticated attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient path validation, enabling remote code execution in the context of the running process. With a CVSS score of 8.8 and requiring only low-privilege authentication, this represents a significant risk to Allegra deployments, though exploitation requires prior authenticated access.
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later.
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.
Cross-Site Request Forgery (CSRF) vulnerability in POEditor that enables path traversal attacks, affecting versions 0.9.10 and earlier. An attacker can exploit this via a crafted request to perform unauthorized actions on behalf of an authenticated user, potentially leading to high availability impact. While the CVSS score of 7.4 indicates a significant threat, the requirement for user interaction (UI:R) and network-based attack vector limits real-world exploitability; current KEV and EPSS data are needed to determine if active exploitation is occurring.
Cross-Site Request Forgery (CSRF) vulnerability in the wphobby Backwp WordPress plugin (versions through 2.0.2) that enables path traversal attacks. An unauthenticated remote attacker can exploit this via a crafted web request to perform unauthorized actions and potentially access sensitive files outside intended directories. While the CVSS score of 7.4 indicates high severity with availability impact, the vulnerability requires user interaction (UI:R) and affects availability rather than confidentiality or integrity, suggesting moderate real-world exploitability.
Critical path traversal vulnerability (CWE-23) that allows unauthenticated remote attackers to read, write, or delete arbitrary files on affected servers with a CVSS score of 9.8. The vulnerability requires no user interaction, has low attack complexity, and grants complete confidentiality, integrity, and availability impact. Without access to KEV status, EPSS scores, POC details, or specific CPE identifiers from the provided data, this appears to be a severe vulnerability affecting multiple server-side products; confirmation of active exploitation status and patch availability requires cross-referencing official vendor security advisories.
A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files.
WP User Frontend Pro plugin versions up to 4.1.3 contain an arbitrary file deletion vulnerability in the delete_avatar_ajax() function that allows authenticated Subscriber-level users to delete critical files on WordPress servers without proper path validation. Successful exploitation can lead to remote code execution by deleting sensitive files such as wp-config.php, and the vulnerability is actively exploitable with no user interaction required. This represents a critical post-authentication privilege escalation affecting a widely-used WordPress plugin.
aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.
Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.
Path traversal in Airleader MASTER enables reading embedded sensitive data.
A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable.
A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/java/cn/gson/oasys/controller/user/UserpanelController.java. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Critical authentication bypass vulnerability in Netgear WNR614 version 1.1.0.28_1.0.1WW that allows unauthenticated remote attackers to access sensitive configuration files through null-byte injection in the URL handler. The vulnerability affects the %00currentsetting.htm endpoint, enabling attackers to retrieve or modify device settings without credentials. This 0day has been publicly disclosed with proof-of-concept code available, and CVSS 7.3 reflects moderate confidentiality, integrity, and availability impact across network-accessible administration functions.
Path traversal in Python tarfile extraction with filter='data'.
Logic flaw in Python's TarFile module where the documented behavior of errorlevel=0 (skip filtered members) contradicts the actual implementation (extract filtered members anyway). This affects any application using Python's tarfile library with extraction filters, allowing attackers to extract files that should be blocked, potentially leading to path traversal or extraction of malicious content. The vulnerability has a high CVSS score (7.5) with network-accessible attack vector and no authentication required, though exploitation requires the application to implement extraction filters expecting them to be respected.
Path traversal vulnerability in Python's tarfile module extraction filters that allows attackers to bypass the 'data' and 'tar' filter protections, enabling symlink targets to point outside the extraction directory and permitting modification of file metadata. This affects any application using TarFile.extractall() or TarFile.extract() with filter='data' or filter='tar' on untrusted tar archives, as well as Python 3.14+ users relying on the new 'data' default filter. The vulnerability has a CVSS score of 7.5 (High) with high integrity impact, though exploitation requires an attacker to control the tar archive contents.
CVE-2025-4138 is a security vulnerability (CVSS 7.5) that allows the extraction filter. High-severity vulnerability requiring prompt remediation.
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities; earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to "data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Directory traversal vulnerability in Parallels Desktop for Mac version 20.2.2 (build 55879) affecting the PVMP package unpacking functionality. An authenticated local attacker with limited privileges can exploit this flaw to write arbitrary files to the system, potentially achieving privilege escalation with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user interaction is not needed, making it a significant risk for multi-user or shared Mac environments.
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.
Directory Traversal vulnerability (CWE-22) in WebLaudos version 24.2 (04) that allows unauthenticated remote attackers to read arbitrary files and obtain sensitive information through improper validation of the 'id' parameter. With a CVSS score of 7.5 and network-based attack vector requiring no privileges or user interaction, this vulnerability poses a significant confidentiality risk to exposed WebLaudos instances. The vulnerability's active exploitation status and proof-of-concept availability should be verified through current KEV databases and security advisories.
Directory Traversal in HPE StoreOnce backup storage software. One of 6 critical CVEs.
A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.
AstrBot versions 3.4.4 through 3.5.12 contain a path traversal vulnerability (CWE-23) in the dashboard feature that allows unauthenticated remote attackers to disclose sensitive information including LLM provider API keys, account passwords, and other confidential data. The vulnerability has a CVSS score of 7.5 (High) with high confidentiality impact and no authentication requirements. Patch is available in version 3.5.13 and later via Pull Request #1676.
File modification via 2-args open in YAML-LibYAML before 0.903.0 for Perl. PoC and patch available.
IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.
A vulnerability was found in JeeWMS up to 20250504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
The web portal on airpointer 2.4.107-2 was vulnerable to local file inclusion. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Rated low severity (CVSS 2.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
A vulnerability was found in chshcms mccms 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommended to upgrade the affected component.
A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component.
A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The patch is named 7ba93a10000fb77ee01731478ef40551a27bd5b9. It is recommended to apply a patch to fix this issue.
Conda-build versions prior to 25.4.0 are vulnerable to path traversal (Tarslip) attacks that allow unauthenticated remote attackers to write arbitrary files outside intended extraction directories by crafting malicious tar archives with directory traversal sequences. This critical vulnerability (CVSS 9.8) affects all users and systems utilizing conda-build for package compilation, with potential for privilege escalation and code execution depending on target file locations and system permissions.
A path traversal vulnerability in Liferay Portal 7.0.0 (CVSS 9.8) that allows remote attackers. Critical severity with potential for significant impact on affected systems.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.
A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.
The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
The Image Resizer On The Fly WordPress plugin (versions ≤1.1) contains a critical arbitrary file deletion vulnerability in its 'delete' task that allows unauthenticated attackers to remove arbitrary files from the server. This vulnerability can facilitate remote code execution by deleting critical files such as wp-config.php, leading to complete WordPress installation compromise. With a CVSS score of 9.1 and network-accessible attack vector requiring no user interaction or privileges, this represents a critical risk to all unpatched installations.
The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Critical directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 affecting the /script-api/scripts/ endpoint. An unauthenticated attacker can exploit this flaw over the network with no user interaction required to read and potentially write arbitrary files on the affected system, achieving high confidentiality and integrity impact. The vulnerability has a CVSS score of 9.1 (Critical) with a CVSS vector indicating network-based attack, low complexity, and no privilege requirements.
Directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 that allows unauthenticated remote attackers to read arbitrary files from the server via the openc3-api/tables endpoint. This high-severity issue (CVSS 7.5) enables confidentiality breaches without requiring authentication or user interaction, potentially exposing sensitive configuration files, credentials, and operational data managed by the COSMOS command and control system.
Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component.
Critical path traversal vulnerability in RICOH Streamline NX V3 PC Client (versions 3.5.0-3.242.0) that allows unauthenticated remote attackers to execute arbitrary code on affected systems by tampering with specific files used by the product. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this vulnerability poses immediate risk to organizations deploying vulnerable versions of the RICOH client software. KEV and EPSS status, POC availability, and active exploitation data are not yet available in public disclosures, but the severity profile (CVSS 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N) suggests high exploitability.
Directory traversal vulnerability in the recv_file method that permits authenticated attackers to write arbitrary files to the master cache directory, potentially leading to code execution or system compromise. The vulnerability affects products using vulnerable file reception mechanisms and carries a critical CVSS 9.6 score with network accessibility and low complexity. While specific KEV/EPSS data was not provided in the intelligence briefing, the combination of high CVSS, low attack complexity, and authenticated-but-common access vectors suggests elevated real-world risk.
File contents overwrite. The VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.
Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file that the Master's process has permissions to.
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory.
Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.
A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24), Mendix Studio Pro 11 (All versions < V11.0.0), Mendix Studio Pro 8 (All versions < V8.18.35), Mendix Studio Pro 9 (All versions < V9.24.35). A zip path traversal vulnerability exists in the module installation process of Studio Pro. By crafting a malicious module and distributing it via (for example) the Mendix Marketplace, an attacker could write or modify arbitrary files in directories outside a developer’s project directory upon module installation.
Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows unauthenticated remote attackers to read arbitrary files and gain unauthorized access without user interaction. The CVSS 8.2 score reflects high confidentiality impact and low integrity impact, with network-based attack vector requiring no privileges or interaction. No KEV/CISA active exploitation data, EPSS score, or public POC is currently confirmed in available intelligence, but the unauthenticated remote nature and path traversal primitive warrant immediate patching.
Local privilege escalation vulnerability in IBM AIX 7.3 and IBM VIOS 4.1.1's Perl implementation that allows non-privileged local users to execute arbitrary code through improper pathname neutralization (path traversal). With a CVSS score of 8.4 and no authentication requirement, this represents a critical risk for AIX environments where local user access exists. The vulnerability's active exploitation status and proof-of-concept availability would significantly elevate real-world risk.
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.
In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.
In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.
Path traversal vulnerability in HPE Aruba Networking Private 5G Core APIs that allows authenticated users to iteratively navigate the filesystem and download sensitive system files. The vulnerability affects the Private 5G Core platform with a CVSS score of 7.7 (high severity) due to confidentiality impact across system boundaries. While requiring low-privilege authentication and network access, successful exploitation directly exposes protected system files containing sensitive configuration and credential data.
CVE-2025-40662 is an absolute path disclosure vulnerability in DM Corporative CMS that exposes sensitive filesystem information when an attacker requests non-existent files within the webroot/file directory. This high-severity information disclosure (CVSS 7.5) affects DM Corporative CMS users and allows unauthenticated remote attackers to enumerate and discover the absolute filesystem paths of the application, which typically precedes further exploitation. The vulnerability has not been confirmed as actively exploited in the wild (KEV status unknown from provided data), but represents a significant reconnaissance vector with minimal attack complexity.
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.
Path traversal vulnerability (CWE-22) in a web application that allows authenticated users with high privileges to write arbitrary files to the system by manipulating file paths. While the CVSS score of 7.2 indicates moderate-to-high severity with high impact to confidentiality, integrity, and availability, the requirement for authenticated high-privilege access (PR:H) significantly constrains real-world exploitability. Active exploitation status, public POC availability, and EPSS score are unknown from the provided data, limiting definitive risk prioritization.
SAP NetWeaver Visual Composer contains a directory traversal vulnerability (CWE-22) that allows high-privileged users to bypass path validation controls and read or modify arbitrary files on the system. The vulnerability affects SAP NetWeaver Visual Composer across supported versions and has a CVSS score of 7.6 due to high confidentiality impact and network-accessible attack vector, though exploitation requires high privileges (PR:H). Exploitation likelihood and KEV/POC status cannot be confirmed from available data, but the high-privilege prerequisite significantly reduces real-world exploitability compared to what the base CVSS score suggests.
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as /etc/passwd, application secrets, or configuration files accessible to the web server (www-data). The vulnerability stems from the way the HAXCMS backend handles the location field in the site's outline. When a user sends a POST request to /system/api/saveOutline, the backend stores the provided location value directly into the site.json file associated with the site, without validating or sanitizing the input. Later the location parameter is interpreted by the CMS to resolve and load the content for a given node. If the location field contains a relative path like `../../../etc/passwd`, the application will attempt to read and render that file. Version 11.0.0 fixes the issue.
Path traversal vulnerability in Mikado-Themes Grill and Chow WordPress themes (versions through 1.6) that enables PHP Local File Inclusion (LFI) attacks. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary files on the affected server, potentially exposing sensitive configuration files, database credentials, and other confidential data. The high CVSS score of 8.1 reflects significant impact on confidentiality and integrity, though exploitation requires higher attack complexity.
A Path Traversal vulnerability in Mikado-Themes GrandPrix WordPress theme (versions through 1.6) allows unauthenticated remote attackers to perform PHP Local File Inclusion (LFI) attacks, potentially leading to arbitrary file reading, information disclosure, and remote code execution. The vulnerability has a CVSS score of 8.1 (High) with high impact on confidentiality, integrity, and availability; exploitation requires medium attack complexity but no user interaction or privileges. KEV status and active exploitation data were not provided, but the high CVSS and LFI nature suggest significant real-world risk if POC is publicly available.
A Path Traversal vulnerability in Mikado-Themes MediClinic through version 2.1 enables unauthenticated remote attackers to conduct PHP Local File Inclusion (LFI) attacks, potentially allowing arbitrary file reading and code execution. The CVSS 8.1 score reflects high impact across confidentiality, integrity, and availability, though attack complexity is listed as HIGH. No public confirmation of active KEV exploitation or PoC availability is documented in standard feeds, but the high CVSS and LFI vector suggest this should be treated as a credible priority vulnerability.
Path traversal vulnerability in ThimPress WP Pipes that allows unauthenticated remote attackers to access files outside restricted directories, potentially causing denial of service or information disclosure. Versions through 1.4.2 are affected. The vulnerability has a high CVSS score of 8.6 due to network accessibility and no authentication requirements, though the impact is limited to availability rather than confidentiality or integrity.
Path traversal vulnerability in Spice Blocks (a WordPress plugin by spicethemes) affecting versions through 2.0.7.2 that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability has a CVSS score of 7.5 (High) with network-based attack vector, no authentication required, and high confidentiality impact, making it a significant information disclosure risk for WordPress installations using this plugin.
A path traversal vulnerability (CWE-22) in Holest Engineering's Spreadsheet Price Changer for WooCommerce and WP E-commerce - Light plugin allows unauthenticated remote attackers to read arbitrary files from the server by manipulating file path parameters. The vulnerability affects all versions through 2.4.37 and has a CVSS score of 7.5, indicating high confidentiality impact with no authentication required. Real-world exploitability depends on confirmation of active exploitation status and proof-of-concept availability; the low attack complexity and network accessibility suggest this is a genuine, easily-exploitable threat to affected WordPress installations.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nanbu Welcart e-Commerce allows Path Traversal. This issue affects Welcart e-Commerce: from n/a through 2.11.13.
Path Traversal vulnerability enabling PHP Local File Inclusion (LFI) in Frenify Arlo through version 6.0.3. The vulnerability allows unauthenticated remote attackers to read arbitrary files from the server filesystem by manipulating path parameters, potentially exposing sensitive configuration files, source code, and credentials. With a CVSS score of 8.1 and network-accessible attack vector, this vulnerability poses significant risk to confidentiality and integrity; exploitation likelihood and active weaponization status cannot be confirmed from available data, but the straightforward nature of path traversal attacks suggests moderate-to-high real-world exploitation probability.
Path traversal vulnerability in WebGeniusLab Seofy Core (versions up to 1.4.5) that allows unauthenticated remote attackers to achieve PHP Local File Inclusion (LFI) with high complexity. The vulnerability enables attackers to read arbitrary files and potentially execute code on affected systems. No public indicators confirm active exploitation or KEV listing at this time, but the high CVSS score (8.1) and remote attack vector indicate significant risk requiring urgent patching.
Path traversal vulnerability in LambertGroup CLEVER versions up to 2.6 that allows unauthenticated remote attackers to read arbitrary files from the affected system with high confidentiality impact. The vulnerability requires no user interaction and can be exploited over the network, making it a critical exposure for organizations running vulnerable CLEVER instances. While CVSS 7.5 indicates significant risk, actual exploitation depends on KEV listing status and public POC availability, which should be verified against current threat intelligence feeds.
Path traversal vulnerability in Apptha Slider Gallery versions up to 2.5 that allows unauthenticated remote attackers to read arbitrary files from the affected server by manipulating pathname parameters. The vulnerability has a CVSS score of 7.5 (High) with network-based attack vector requiring no privileges or user interaction, enabling confidentiality compromise of sensitive server files. Current KEV and EPSS status information is not provided in available sources, but the ease of exploitation (AC:L) and absence of authentication requirements significantly elevate real-world risk.
A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Directory traversal vulnerability in Allegra's extractFileFromZip method that allows authenticated attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient path validation, enabling remote code execution in the context of the running process. With a CVSS score of 8.8 and requiring only low-privilege authentication, this represents a significant risk to Allegra deployments, though exploitation requires prior authenticated access.
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later.
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.
Cross-Site Request Forgery (CSRF) vulnerability in POEditor that enables path traversal attacks, affecting versions 0.9.10 and earlier. An attacker can exploit this via a crafted request to perform unauthorized actions on behalf of an authenticated user, potentially leading to high availability impact. While the CVSS score of 7.4 indicates a significant threat, the requirement for user interaction (UI:R) and network-based attack vector limits real-world exploitability; current KEV and EPSS data are needed to determine if active exploitation is occurring.
Cross-Site Request Forgery (CSRF) vulnerability in the wphobby Backwp WordPress plugin (versions through 2.0.2) that enables path traversal attacks. An unauthenticated remote attacker can exploit this via a crafted web request to perform unauthorized actions and potentially access sensitive files outside intended directories. While the CVSS score of 7.4 indicates high severity with availability impact, the vulnerability requires user interaction (UI:R) and affects availability rather than confidentiality or integrity, suggesting moderate real-world exploitability.
Critical path traversal vulnerability (CWE-23) that allows unauthenticated remote attackers to read, write, or delete arbitrary files on affected servers with a CVSS score of 9.8. The vulnerability requires no user interaction, has low attack complexity, and grants complete confidentiality, integrity, and availability impact. Without access to KEV status, EPSS scores, POC details, or specific CPE identifiers from the provided data, this appears to be a severe vulnerability affecting multiple server-side products; confirmation of active exploitation status and patch availability requires cross-referencing official vendor security advisories.
A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files.
WP User Frontend Pro plugin versions up to 4.1.3 contain an arbitrary file deletion vulnerability in the delete_avatar_ajax() function that allows authenticated Subscriber-level users to delete critical files on WordPress servers without proper path validation. Successful exploitation can lead to remote code execution by deleting sensitive files such as wp-config.php, and the vulnerability is actively exploitable with no user interaction required. This represents a critical post-authentication privilege escalation affecting a widely-used WordPress plugin.
aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.
Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.
Path traversal in Airleader MASTER enables reading embedded sensitive data.
A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable.
A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/java/cn/gson/oasys/controller/user/UserpanelController.java. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available.
A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Critical authentication bypass vulnerability in Netgear WNR614 version 1.1.0.28_1.0.1WW that allows unauthenticated remote attackers to access sensitive configuration files through null-byte injection in the URL handler. The vulnerability affects the %00currentsetting.htm endpoint, enabling attackers to retrieve or modify device settings without credentials. This 0day has been publicly disclosed with proof-of-concept code available, and CVSS 7.3 reflects moderate confidentiality, integrity, and availability impact across network-accessible administration functions.
Path traversal in Python tarfile extraction with filter='data'.
Logic flaw in Python's TarFile module where the documented behavior of errorlevel=0 (skip filtered members) contradicts the actual implementation (extract filtered members anyway). This affects any application using Python's tarfile library with extraction filters, allowing attackers to extract files that should be blocked, potentially leading to path traversal or extraction of malicious content. The vulnerability has a high CVSS score (7.5) with network-accessible attack vector and no authentication required, though exploitation requires the application to implement extraction filters expecting them to be respected.
Path traversal vulnerability in Python's tarfile module extraction filters that allows attackers to bypass the 'data' and 'tar' filter protections, enabling symlink targets to point outside the extraction directory and permitting modification of file metadata. This affects any application using TarFile.extractall() or TarFile.extract() with filter='data' or filter='tar' on untrusted tar archives, as well as Python 3.14+ users relying on the new 'data' default filter. The vulnerability has a CVSS score of 7.5 (High) with high integrity impact, though exploitation requires an attacker to control the tar archive contents.
CVE-2025-4138 is a security vulnerability (CVSS 7.5) that allows the extraction filter. High severity vulnerability requiring prompt remediation.
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities; earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to "data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Directory traversal vulnerability in Parallels Desktop for Mac version 20.2.2 (build 55879) affecting the PVMP package unpacking functionality. An authenticated local attacker with limited privileges can exploit this flaw to write arbitrary files to the system, potentially achieving privilege escalation with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user interaction is not needed, making it a significant risk for multi-user or shared Mac environments.
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.
Directory Traversal vulnerability (CWE-22) in WebLaudos version 24.2 (04) that allows unauthenticated remote attackers to read arbitrary files and obtain sensitive information through improper validation of the 'id' parameter. With a CVSS score of 7.5 and network-based attack vector requiring no privileges or user interaction, this vulnerability poses a significant confidentiality risk to exposed WebLaudos instances. The vulnerability's active exploitation status and proof-of-concept availability should be verified through current KEV databases and security advisories.
Directory Traversal in HPE StoreOnce backup storage software. One of 6 critical CVEs.
A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.
AstrBot versions 3.4.4 through 3.5.12 contain a path traversal vulnerability (CWE-23) in the dashboard feature that allows unauthenticated remote attackers to disclose sensitive information including LLM provider API keys, account passwords, and other confidential data. The vulnerability has a CVSS score of 7.5 (High) with high confidentiality impact and no authentication requirements. Patch is available in version 3.5.13 and later via Pull Request #1676.
File modification via 2-args open in YAML-LibYAML before 0.903.0 for Perl. PoC and patch available.
IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.
A vulnerability was found in JeeWMS up to 20250504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
The web portal on airpointer 2.4.107-2 was vulnerable to local file inclusion. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Rated low severity (CVSS 2.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
A vulnerability was found in chshcms mccms 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows a local user to spoof or tamper with the update file via an unverified file write. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.