Skip to main content

Path Traversal

7729 CVEs technique

Monthly

CVE-2026-27800 HIGH POC This Week

Zed code editor versions prior to 0.224.4 contain a path traversal vulnerability in ZIP extraction that fails to sanitize malicious filenames, allowing attackers to write files outside the intended sandbox directory through crafted extension archives. Public exploit code exists for this vulnerability. An attacker can exploit this by distributing a malicious extension that, when installed, deposits files in arbitrary locations on the affected system.

Path Traversal Zed
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-27735 PyPI MEDIUM PATCH This Month

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries.

Path Traversal Model Context Protocol Servers
NVD GitHub
CVSS 4.0
6.4
EPSS
0.1%
CVE-2026-26985 HIGH This Week

Authenticated users in LORIS 24.0.0 through 28.0.0 can exploit a path traversal vulnerability to read arbitrary configuration files containing hardcoded database and service credentials. An attacker with valid application access and appropriate permissions can leverage publicly available source code to easily craft requests that expose these sensitive files, potentially enabling lateral movement to backend systems. No patch is currently available for affected versions.

Path Traversal Loris
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-26984 HIGH This Week

Remote code execution in LORIS neuroimaging platform allows authenticated users with sufficient privileges to bypass path traversal protections and upload malicious files to arbitrary server locations. An attacker can leverage the uploaded file to achieve code execution on the underlying system, though read-only server configurations may prevent actual execution. The vulnerability affects versions prior to 26.0.5, 27.0.2, and 28.0.0, with no patch currently available.

RCE Path Traversal Loris
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-3188 LOW Monitor

Path traversal in feiyuchuixue sz-boot-parent versions up to 1.3.2-beta allows authenticated remote attackers to read arbitrary files by manipulating the templateName parameter in the /api/admin/common/download/templates endpoint. Public exploit code exists for this vulnerability. Users should upgrade to version 1.3.3-beta or later, which implements proper path validation checks.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-27704 HIGH This Week

The Dart and Flutter SDKs provide software development kits for the Dart programming language. [CVSS 7.5 HIGH]

Path Traversal Flutter Dart Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27699 npm CRITICAL POC PATCH Act Now

Path traversal in basic-ftp Node.js FTP client library before 5.2.0 allows malicious FTP servers to write files outside the intended download directory. PoC and patch available.

Node.js Path Traversal Basic Ftp Red Hat Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-0704 CRITICAL Act Now

Path traversal in Octopus Deploy allows removing files and file contents on the host through API manipulation. Enables data destruction on the deployment server.

Path Traversal Octopus Server
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-11563 MEDIUM PATCH This Month

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool. [CVSS 4.6 MEDIUM]

Path Traversal Wcurl Red Hat Suse
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-3179 HIGH This Week

Arbitrary file write vulnerability in Data Master ADM versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allows remote or man-in-the-middle attackers to bypass filename sanitization in FTP backup operations and place malicious files outside the intended directory. An attacker can exploit this path traversal flaw to overwrite critical system files and potentially execute code with elevated privileges. No patch is currently available, and exploitation requires moderate attack complexity but no user interaction.

RCE Privilege Escalation Path Traversal Data Master
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-25785 CRITICAL Act Now

Path traversal in Lanscope Endpoint Manager Sub-Manager Server version 9.4.7.3 and earlier allows access to files outside restricted directories on managed endpoints.

Path Traversal Lanscope Endpoint Manager
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2026-27641 PyPI CRITICAL POC PATCH Act Now

Path traversal and extension bypass in Flask-Reuploaded file upload library. Allows uploading files with arbitrary extensions to arbitrary directories. PoC and patch available.

Flask RCE Path Traversal Flask Reuploaded
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27606 npm HIGH POC PATCH This Week

Arbitrary file write via path traversal in the Rollup JavaScript module bundler lets an attacker who can influence build inputs write or overwrite files anywhere the build process can reach, escalating to persistent remote code execution by clobbering system or user configuration files. Affected are 4.x releases before 4.59.0 (and the 2.x/3.x lines before 2.80.0 and 3.30.0), where insecure output filename sanitization permits `../` traversal through CLI named inputs, manual chunk aliases, or malicious plugins. Publicly available exploit code exists (GitHub Security Advisory GHSA-mw96-cpmx-2vgc), though no public exploit is identified as active in-the-wild use; EPSS is modest at 0.62% (70th percentile).

RCE Path Traversal Rollup
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.6%
CVE-2026-27117 MEDIUM POC PATCH This Month

Bit7z versions prior to 4.0.11 contain a path traversal vulnerability that allows arbitrary file writes outside the intended extraction directory when processing malicious archives through relative paths, absolute paths, or symbolic links. Applications using bit7z to extract untrusted archives are affected, enabling attackers to overwrite critical files with the privileges of the extraction process. Public exploit code exists for this vulnerability.

Path Traversal Bit7z
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-25891 Go HIGH POC PATCH This Week

Fiber web framework versions 3.0.0 and earlier on Windows contain a path traversal vulnerability that allows remote attackers to bypass static file middleware protections and read arbitrary files from the server. Public exploit code exists for this vulnerability, which affects applications using the vulnerable Fiber versions. The issue has been patched in Fiber v3.1.0.

Windows Path Traversal Fiber Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25603 MEDIUM POC This Month

Path traversal in Linksys MR9600 and MX4200 firmware allows attackers with physical access to mount arbitrary USB drive partitions into the file system, potentially enabling root-level code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected versions include MR9600 1.0.4.205530 and MX4200 1.0.13.210200.

Path Traversal Mx4200 Firmware Mr9600 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-27483 PyPI HIGH POC PATCH GHSA This Week

Remote code execution in MindsDB prior to version 25.9.1.1 allows authenticated attackers to bypass file upload restrictions through path traversal in the /api/files endpoint. An attacker can exploit insufficient filename validation to write arbitrary files to any location on the server, achieving command execution. Public exploit code exists for this vulnerability.

Path Traversal AI / ML Mindsdb
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-15589 LOW POC Monitor

A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. [CVSS 3.8 LOW]

PHP Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-3067 LOW POC Monitor

HummerRisk versions up to 1.5.0 contain a path traversal vulnerability in the archive extraction functionality that allows authenticated remote attackers to read and write arbitrary files on the system. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability affects the extractTarGZ and extractZip functions in the common utilities library.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-25965 NuGet HIGH PATCH This Week

Local file disclosure in ImageMagick before 7.1.2-15 and 6.9.13-40 lets attackers bypass the path security policy (policy-secure.xml) using directory traversal, reading files a rule such as `/etc/*` was meant to block. Because the policy matcher evaluates the raw, unnormalized filename string before the OS resolves it, a traversal sequence slips past the deny rule while the kernel still opens the real sensitive file. No public exploit is identified at time of analysis and EPSS is very low (0.04%), but the bug undermines a control specifically deployed to harden image-processing pipelines that handle untrusted input.

Path Traversal Imagemagick
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3051 LOW POC Monitor

Path traversal in Dinky up to version 1.2.5 allows authenticated remote attackers to access arbitrary files on the system through manipulation of the projectName parameter in the GitRepository component. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can exploit this to read sensitive files or potentially escalate privileges within Java-based Dinky deployments.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-23521 MEDIUM POC This Month

Traccar GPS tracking system through version 6.11.1 allows authenticated users to conduct arbitrary file writes by setting device identifiers to absolute paths, which bypass path validation during image uploads. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with device management privileges could write files outside the intended media directory, potentially compromising system integrity.

Path Traversal Traccar
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2953 LOW POC Monitor

Path traversal in Dromara UJCMS 101.2 Template Handler allows authenticated remote attackers to manipulate the deleteDirectory function and access files outside intended directories. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. The attack requires valid credentials but can be executed remotely with minimal complexity.

Path Traversal Ujcms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-2864 LOW Monitor

Path traversal in the pictureDelete function of feng_ha_ha/megagao ssm-erp and production_ssm allows authenticated remote attackers to manipulate the picName parameter and access arbitrary files on the system. Public exploit code exists for this vulnerability. No patch is currently available, and the developers have not responded to the disclosure.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2863 LOW Monitor

Path traversal in the FileServiceImpl.deleteFile function of feng_ha_ha/megagao ssm-erp and production_ssm allows authenticated attackers to manipulate file deletion operations remotely. Public exploit code exists for this vulnerability, and the developer has not yet addressed the reported issue. An attacker with valid credentials could delete or access arbitrary files on the affected system.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-27211 CRITICAL PATCH Act Now

Arbitrary host file exfiltration from Cloud Hypervisor VMM versions 34.0-50.0. CVSS 10.0. Patch available.

KVM Linux Information Disclosure Path Traversal Docker +2
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-27202 HIGH POC This Week

Arbitrary file read vulnerability in GetSimple CMS affects all versions through its Uploaded Files feature, allowing unauthenticated remote attackers to access sensitive files on affected systems. Public exploit code exists for this vulnerability, and no patch is currently available. The high-severity flaw (CVSS 7.5) poses a significant confidentiality risk to all GetSimple CMS deployments.

Path Traversal Getsimple Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2033 PyPI HIGH PATCH Act Now

Remote code execution in the MLflow Tracking Server allows unauthenticated attackers (PR:N) to abuse the artifact handler's path processing to read or write files outside the intended artifact root and ultimately run code as the server's service account. The flaw is a CWE-22 path traversal in artifact file-path handling reachable over the network with low complexity. No public exploit is identified at time of analysis, but the EPSS score of 15.58% (95th percentile) signals notably elevated near-term exploitation likelihood for an MLOps component frequently exposed on internal and cloud networks.

RCE Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
15.6%
CVE-2026-27115 HIGH This Week

ADB Explorer through version 0.9.26020 fails to validate user-supplied directory paths, enabling local attackers to trigger recursive deletion of arbitrary filesystem directories including critical system and user folders. An attacker can exploit this by crafting a malicious shortcut or script that launches the application with a sensitive path argument, causing permanent data loss when the application processes the ClearDrag() function at startup or exit. Any user tricked into launching ADB Explorer via a weaponized shortcut or batch file faces complete loss of targeted directories such as Documents or user profile folders.

Path Traversal Microsoft Windows
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-2818 HIGH This Week

Spring Data Geode's snapshot import feature on Windows systems is vulnerable to path traversal attacks that enable attackers to write arbitrary files outside the intended extraction directory. Remote attackers can exploit this vulnerability without authentication to potentially overwrite critical system or application files. No patch is currently available.

Path Traversal Microsoft Java
NVD HeroDevs VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-24953 MEDIUM This Month

Authenticated attackers can traverse directory restrictions in Mitchell Bennis Simple File List versions up to 6.1.15 to read files outside intended directories, requiring valid credentials but no user interaction. This path traversal vulnerability impacts confidentiality but not system integrity or availability, with no patch currently available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69380 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. [CVSS 7.5 HIGH]

WordPress Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69379 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. [CVSS 8.6 HIGH]

WordPress Path Traversal PHP
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-69377 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. [CVSS 7.7 HIGH]

WordPress Path Traversal PHP
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-69376 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. [CVSS 8.6 HIGH]

WordPress Path Traversal PHP
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-69325 MEDIUM This Month

primersoftware Primer MyData for Woocommerce primer-mydata contains a security vulnerability (CVSS 5.3).

WordPress Path Traversal PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-68862 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Murtaza Bhurgri Woo File Dropzone woo-file-dropzone allows Path Traversal.This issue affects Woo File Dropzone: from n/a through <= 1.1.7. [CVSS 7.7 HIGH]

Path Traversal
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-68002 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 100plugins Open User Map open-user-map allows Path Traversal.This issue affects Open User Map: from n/a through <= 1.4.16. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21620 LOW Monitor

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-59819 MEDIUM This Month

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26065 HIGH POC PATCH This Week

Calibre versions 9.2.1 and below allow authenticated users to write arbitrary files with any extension to any writable location via path traversal in PDB file readers, potentially enabling code execution or system compromise through file overwriting. The vulnerability affects both 132-byte and 202-byte PDB header variants and silently overwrites existing files without warning. Public exploit code exists and patches are available in version 9.3.0 and later.

Denial Of Service Path Traversal Calibre Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26064 HIGH POC PATCH This Week

Remote code execution in Calibre 9.2.1 and earlier allows authenticated users to write arbitrary files via a path traversal flaw in the extract_pictures() function that fails to properly sanitize directory traversal sequences. On Windows systems, attackers can exploit this to write malicious payloads to the Startup folder, achieving code execution upon the next user login. Public exploit code exists for this vulnerability, and a patch is available in version 9.3.0.

Windows RCE Path Traversal Calibre Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26975 HIGH This Week

Remote code execution in Music Assistant Server 2.6.3 and below enables unauthenticated network-adjacent attackers to execute arbitrary code through path traversal in the playlist update API, which fails to enforce file extension restrictions and allows writing malicious Python files to site-packages. The vulnerability is particularly critical because affected containers typically run as root, amplifying the impact of successful exploitation. No patch is currently available, leaving installations at risk until an upgrade to version 2.7.0 or later is performed.

Python RCE Path Traversal Music Assistant Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26972 npm MEDIUM PATCH This Month

OpenClaw versions 2026.1.12 through 2026.2.13 contain a path traversal vulnerability in the browser download helper that allows authenticated users with CLI access or valid gateway RPC tokens to write files outside the intended temporary downloads directory. An attacker with these credentials can exploit unsanitized output paths to place arbitrary files on the system. Version 2026.2.13 and later contain the fix.

Path Traversal AI / ML Openclaw
NVD GitHub
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-26329 npm MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.14 allow authenticated users to read arbitrary files from the Gateway host through path traversal in the browser tool's upload functionality. An attacker with valid Gateway credentials and browser tool permissions can supply absolute or traversal paths to bypass file access restrictions and access sensitive files. This vulnerability requires authentication and browser tool enablement but presents a high confidentiality risk to affected deployments.

Path Traversal AI / ML Openclaw
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26321 npm HIGH PATCH This Week

OpenClaw's Feishu extension prior to version 2026.2.14 improperly handles `mediaUrl` parameters by treating attacker-controlled values as local filesystem paths, enabling unauthorized file read access. An attacker who can influence tool calls through direct manipulation or prompt injection could exfiltrate sensitive files like `/etc/passwd`. This high-severity path traversal vulnerability (CWE-22) is resolved in version 2026.2.14 and later, which implements proper access controls and routes media loading through hardened helpers.

Path Traversal AI / ML Openclaw
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-8054 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. [CVSS 7.5 HIGH]

Path Traversal Xm Fax
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26202 HIGH POC PATCH This Week

Penpot before version 2.13.2 contains a path traversal vulnerability in the font creation endpoint that allows authenticated users with team edit permissions to read arbitrary files from the server filesystem. By supplying local file paths such as `/etc/passwd` as font data, attackers can retrieve sensitive files including system configuration, application secrets, and credentials. Public exploit code exists for this vulnerability, which could enable further server compromise depending on the Penpot process permissions.

Path Traversal Information Disclosure Penpot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26337 HIGH This Week

Arbitrary file read and server-side request forgery in Hyland Alfresco Transformation Service (and the underlying Alfresco Transform Core, including 5.3.0-alpha1) allow unauthenticated remote attackers to read arbitrary files and coerce the server into making outbound requests via absolute path traversal. Hyland has published a coordinated security advisory (CVE-2026-26337/26338/26339). No public exploit has been identified at time of analysis and the EPSS probability is low (0.12%), but the network-facing, unauthenticated nature makes this a meaningful exposure for internet-reachable transform components.

SSRF Path Traversal Alfresco Transform Core Alfresco Transform Service
NVD
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-25766 Go MEDIUM POC PATCH This Month

Unauthenticated remote file read in Echo web framework versions 5.0.0-5.0.2 on Windows allows attackers to traverse outside the static root directory and access arbitrary files via backslash path sequences in requests. The vulnerability stems from improper path normalization where path.Clean() does not treat backslashes as separators, but the underlying os.Open() call on Windows does, enabling directory traversal. Public exploit code exists for this medium-severity vulnerability, though a patch is available in version 5.0.3.

Windows Golang Path Traversal Echo Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-26362 HIGH This Week

Dell Unisphere for PowerMax 10.2 contains a relative path traversal flaw that allows authenticated remote attackers to modify critical system files without user interaction. The vulnerability affects systems with low-privileged user accounts and carries high integrity and availability impact, though no patch is currently available. With an EPSS score of 0.1%, exploitation likelihood remains low despite the HIGH severity rating.

Path Traversal Unisphere For Powermax
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-2731 Monitor

Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests

Path Traversal
NVD
EPSS
0.2%
CVE-2026-2692 LOW POC Monitor

Path traversal in CyreneAdmin's image handler endpoint allows authenticated attackers to read arbitrary files on the server through manipulation of the Avatar parameter. The vulnerability affects versions up to 1.3.0 and requires valid user credentials to exploit, limiting the attack surface to authenticated users. Public exploit code exists and no patch is currently available.

Path Traversal Cyreneadmin
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2683 LOW POC Monitor

Tsinghua Unigroup Electronic Archives System 3.2.210802 contains a path traversal vulnerability in the download functionality that allows authenticated remote attackers to read arbitrary files on the affected system. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it accessible to any authenticated user with network access.

Path Traversal Electronic Archives System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2672 LOW POC Monitor

Path traversal in Tsinghua Unigroup Electronic Archives System 3.2.210802 allows authenticated remote attackers to read arbitrary files through manipulation of the path parameter in the /Search/Subject/downLoad function. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it a practical risk for organizations using this system.

Path Traversal Electronic Archives System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2019-25355 HIGH POC This Week

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. [CVSS 7.5 HIGH]

Path Traversal Gsoap Suse
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-25352 HIGH POC This Week

Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. [CVSS 7.5 HIGH]

Windows Path Traversal
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-23491 HIGH POC PATCH This Week

Unauthenticated attackers can read arbitrary files from InvoicePlane servers through path traversal in the Guest controller's file retrieval function, potentially exposing database credentials and other sensitive configuration data. This vulnerability affects InvoicePlane versions up to 1.6.3 and has public exploit code available. Version 1.6.4 resolves the issue.

Path Traversal Invoiceplane
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-22860 Ruby HIGH POC PATCH This Week

Directory traversal in Rack versions prior to 2.2.22, 3.1.20, and 3.2.5 allows unauthenticated remote attackers to list directories outside the configured root by exploiting a string prefix matching flaw in path validation. An attacker can craft requests with path traversal sequences to enumerate sensitive directories if the target path shares a common prefix with the configured root directory. Public exploit code exists for this vulnerability.

Rack Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20137 LOW Monitor

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. [CVSS 3.5 LOW]

Path Traversal Splunk Splunk Cloud Platform
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-2464 Monitor

Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service.

Windows Path Traversal
NVD
EPSS
0.4%
CVE-2026-2426 MEDIUM This Month

Arbitrary file deletion in WP-DownloadManager plugin versions up to 1.69 allows high-privileged WordPress administrators to bypass path validation and remove critical system files through directory traversal in the file deletion parameter. Deletion of essential files like wp-config.php can result in remote code execution or complete site compromise. No patch is currently available.

WordPress PHP RCE Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2026-2419 LOW Monitor

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. [CVSS 2.7 LOW]

WordPress Path Traversal
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-2623 LOW POC Monitor

Path traversal in Blossom up to version 1.17.1 file upload functionality allows authenticated remote attackers to access arbitrary files on affected systems. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Java Path Traversal File Upload
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-22762 MEDIUM This Month

Arbitrary file deletion in Dell Avamar Server and Virtual Edition versions before 19.10 SP1 with CHF338912 stems from improper path traversal validation in the security module. High-privileged remote attackers can exploit this vulnerability to delete files on affected systems, though no patch is currently available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-36598 MEDIUM This Month

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-36597 MEDIUM This Month

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. [CVSS 4.7 MEDIUM]

Path Traversal Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-59793 CRITICAL Act Now

Path traversal in Rocket TRUfusion Enterprise through 7.10.5 via /axis2/services endpoint allows authenticated attackers to read and write arbitrary files on the host. EPSS 0.32%.

RCE Path Traversal Trufusion Enterprise
NVD
CVSS 4.0
9.4
EPSS
0.3%
CVE-2026-2552 MEDIUM POC This Month

Path traversal in ZenTao's editor component (versions up to 21.7.8) allows authenticated attackers to manipulate the filePath parameter and access files outside intended directories. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems vulnerable to unauthorized file access and potential information disclosure.

PHP Path Traversal Zentao
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-2551 LOW POC Monitor

ZenTao versions up to 21.7.8 contain a path traversal vulnerability in the backup handler that allows authenticated attackers to manipulate file parameters and access or delete arbitrary files on the affected system. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed remotely without user interaction.

PHP Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-1988 HIGH This Week

Arbitrary PHP code execution in the Flexi Product Slider and Grid for WooCommerce WordPress plugin through version 1.0.5 allows authenticated contributors to exploit unsanitized file path parameters in the flexipsg_carousel shortcode to include and execute arbitrary files on the server. The vulnerability requires an attacker with Contributor-level access or above to create posts containing malicious shortcodes, but carries high risk due to lack of input validation on the theme parameter enabling local file inclusion attacks. No patch is currently available for this vulnerability.

WordPress PHP LFI Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-13681 MEDIUM This Month

The BFG Tools - Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied `first_file` parameter in the `zip()` function. [CVSS 4.9 MEDIUM]

WordPress PHP Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-26187 Go HIGH PATCH This Week

Authenticated users in lakeFS prior to version 1.77.0 can exploit path traversal vulnerabilities in the local block adapter to read and write files outside their intended storage boundaries by bypassing insufficient prefix validation checks. An attacker with valid credentials can manipulate object identifiers and path sequences to access sibling directories and storage namespaces they should not have access to. A patch is available in version 1.77.0 and later.

Path Traversal Lakefs Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-25964 MEDIUM POC PATCH This Month

Path traversal in Tandoor Recipes prior to 2.5.1 allows authenticated users with import permissions to read arbitrary files from the server by manipulating file paths during recipe import operations. An attacker could access sensitive system files like /etc/passwd or application configuration files, potentially leading to full system compromise. Public exploit code exists for this vulnerability.

Path Traversal Recipes
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21878 HIGH POC PATCH This Week

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. [CVSS 7.5 HIGH]

Path Traversal Bacnet Stack
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69770 CRITICAL Act Now

Zip slip to RCE in MojoPortal CMS v2.9.0.1 via /DesignTools/SkinList.aspx. Malicious ZIP archives write files outside extraction directory, enabling code execution. CVSS 10.0.

Path Traversal
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2019-25333 HIGH POC This Week

Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. [CVSS 7.5 HIGH]

AWS Path Traversal
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-26217 PyPI CRITICAL PATCH GHSA Act Now

Arbitrary local file disclosure in Crawl4AI's Docker API (versions before 0.8.0) lets unauthenticated remote attackers read any file on the server by supplying file:// URLs to the /execute_js, /screenshot, /pdf, and /html endpoints. Because the API validates no scheme, an attacker can exfiltrate /etc/passwd, /etc/shadow, application config, and process environment via /proc/self/environ - directly exposing credentials and API keys. Publicly documented in GitHub advisory GHSA-vx9w-5cx4-9796 with a working request example; no public exploit identified as active exploitation, and EPSS is low (0.06%, 19th percentile).

Docker Crawl4ai Path Traversal
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.1%
CVE-2025-15577 HIGH This Week

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older. [CVSS 7.5 HIGH]

Path Traversal Dna
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-20660 HIGH This Week

Arbitrary file write vulnerability in Apple's macOS, iOS, iPadOS, and Safari resulting from improper path handling logic allows remote attackers to write files without authentication or user interaction. Affected versions include macOS Tahoe 26.3 and earlier, macOS Sonoma 14.8.4 and earlier, iOS 18.7.5 and earlier, and Safari 26.3 and earlier. No patch is currently available for this high-severity vulnerability.

Apple Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20653 MEDIUM This Month

Improper path validation in Apple's macOS, iOS, and visionOS allows local attackers to bypass directory access restrictions and read sensitive user data through crafted file paths. An authenticated user with local access can exploit this parsing weakness without user interaction to access confidential information. No patch is currently available for this vulnerability.

Apple Path Traversal
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20625 MEDIUM This Month

Improper path validation in macOS and visionOS allows local attackers with user interaction to read sensitive user data through directory path manipulation. The vulnerability affects macOS Sequoia 15.7.3 and earlier, macOS Sonoma 14.8.3 and earlier, macOS Tahoe 26.2 and earlier, and visionOS 26.2 and earlier. No patch is currently available.

Apple Path Traversal
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20615 HIGH This Week

Local privilege escalation in Apple macOS, iOS, and iPadOS through improper path validation allows authenticated attackers to gain root privileges on affected devices. The vulnerability requires local access and user interaction is not required, making it exploitable by malicious applications already present on the system. No patch is currently available for this high-severity flaw affecting multiple Apple operating systems.

Apple Path Traversal
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20614 HIGH This Week

Improper path validation in macOS (Sequoia 15.7.3 and earlier, Tahoe 26.2 and earlier, Sonoma 14.8.3 and earlier) permits local authenticated users to escalate privileges to root through a malicious application. This path traversal vulnerability (CWE-22) has a CVSS score of 7.8 and currently lacks a publicly available patch.

Apple Path Traversal
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43537 MEDIUM This Month

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. [CVSS 5.5 MEDIUM]

Apple Path Traversal
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43417 MEDIUM This Month

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. [CVSS 5.5 MEDIUM]

Apple Path Traversal Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-25062 MEDIUM POC This Month

Outline versions prior to 1.4.0 fail to validate attachment file paths during JSON import, allowing authenticated attackers with high privileges to traverse the directory structure and read arbitrary files from the server. Public exploit code exists for this path traversal vulnerability, and no patch is currently available for affected deployments.

Path Traversal Outline
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2020-37214 HIGH POC This Week

Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files. [CVSS 7.5 HIGH]

Path Traversal
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-70084 HIGH This Week

Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function. [CVSS 7.5 HIGH]

Path Traversal Opensatkit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69874 npm CRITICAL Act Now

Path traversal in nanotar npm package through 0.2.0. The parseTar() and parseTarGzip() functions allow attackers to write files outside the extraction directory.

Path Traversal Nanotar
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
EPSS 0% CVSS 7.4
HIGH POC This Week

Zed code editor versions prior to 0.224.4 contain a path traversal vulnerability in ZIP extraction that fails to sanitize malicious filenames, allowing attackers to write files outside the intended sandbox directory through crafted extension archives. Public exploit code exists for this vulnerability. An attacker can exploit this by distributing a malicious extension that, when installed, deposits files in arbitrary locations on the affected system.

Path Traversal Zed
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries.

Path Traversal Model Context Protocol Servers
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Authenticated users in LORIS 24.0.0 through 28.0.0 can exploit a path traversal vulnerability to read arbitrary configuration files containing hardcoded database and service credentials. An attacker with valid application access and appropriate permissions can leverage publicly available source code to easily craft requests that expose these sensitive files, potentially enabling lateral movement to backend systems. No patch is currently available for affected versions.

Path Traversal Loris
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in LORIS neuroimaging platform allows authenticated users with sufficient privileges to bypass path traversal protections and upload malicious files to arbitrary server locations. An attacker can leverage the uploaded file to achieve code execution on the underlying system, though read-only server configurations may prevent actual execution. The vulnerability affects versions prior to 26.0.5, 27.0.2, and 28.0.0, with no patch currently available.

RCE Path Traversal Loris
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

Path traversal in feiyuchuixue sz-boot-parent versions up to 1.3.2-beta allows authenticated remote attackers to read arbitrary files by manipulating the templateName parameter in the /api/admin/common/download/templates endpoint. Public exploit code exists for this vulnerability. Users should upgrade to version 1.3.3-beta or later, which implements proper path validation checks.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

The Dart and Flutter SDKs provide software development kits for the Dart programming language. [CVSS 7.5 HIGH]

Path Traversal Flutter Dart Software Development Kit
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Path traversal in basic-ftp Node.js FTP client library before 5.2.0 allows malicious FTP servers to write files outside the intended download directory. PoC and patch available.

Node.js Path Traversal Basic Ftp +2
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Path traversal in Octopus Deploy allows removing files and file contents on the host through API manipulation. Enables data destruction on the deployment server.

Path Traversal Octopus Server
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool. [CVSS 4.6 MEDIUM]

Path Traversal Wcurl Red Hat +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Arbitrary file write vulnerability in Data Master ADM versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allows remote or man-in-the-middle attackers to bypass filename sanitization in FTP backup operations and place malicious files outside the intended directory. An attacker can exploit this path traversal flaw to overwrite critical system files and potentially execute code with elevated privileges. No patch is currently available, and exploitation requires moderate attack complexity but no user interaction.

RCE Privilege Escalation Path Traversal +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Path traversal in Lanscope Endpoint Manager Sub-Manager Server version 9.4.7.3 and earlier allows access to files outside restricted directories on managed endpoints.

Path Traversal Lanscope Endpoint Manager
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Path traversal and extension bypass in Flask-Reuploaded file upload library. Allows uploading files with arbitrary extensions to arbitrary directories. PoC and patch available.

Flask RCE Path Traversal +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Arbitrary file write via path traversal in the Rollup JavaScript module bundler lets an attacker who can influence build inputs write or overwrite files anywhere the build process can reach, escalating to persistent remote code execution by clobbering system or user configuration files. Affected are 4.x releases before 4.59.0 (and the 2.x/3.x lines before 2.80.0 and 3.30.0), where insecure output filename sanitization permits `../` traversal through CLI named inputs, manual chunk aliases, or malicious plugins. Publicly available exploit code exists (GitHub Security Advisory GHSA-mw96-cpmx-2vgc), though no public exploit is identified as active in-the-wild use; EPSS is modest at 0.62% (70th percentile).

RCE Path Traversal Rollup
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Bit7z versions prior to 4.0.11 contain a path traversal vulnerability that allows arbitrary file writes outside the intended extraction directory when processing malicious archives through relative paths, absolute paths, or symbolic links. Applications using bit7z to extract untrusted archives are affected, enabling attackers to overwrite critical files with the privileges of the extraction process. Public exploit code exists for this vulnerability.

Path Traversal Bit7z
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Fiber web framework versions 3.0.0 and earlier on Windows contain a path traversal vulnerability that allows remote attackers to bypass static file middleware protections and read arbitrary files from the server. Public exploit code exists for this vulnerability, which affects applications using the vulnerable Fiber versions. The issue has been patched in Fiber v3.1.0.

Windows Path Traversal Fiber +1
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM POC This Month

Path traversal in Linksys MR9600 and MX4200 firmware allows attackers with physical access to mount arbitrary USB drive partitions into the file system, potentially enabling root-level code execution. Public exploit code exists for this vulnerability, and no patch is currently available. Affected versions include MR9600 1.0.4.205530 and MX4200 1.0.13.210200.

Path Traversal Mx4200 Firmware Mr9600 Firmware
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Remote code execution in MindsDB prior to version 25.9.1.1 allows authenticated attackers to bypass file upload restrictions through path traversal in the /api/files endpoint. An attacker can exploit insufficient filename validation to write arbitrary files to any location on the server, achieving command execution. Public exploit code exists for this vulnerability.

Path Traversal AI / ML Mindsdb
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. [CVSS 3.8 LOW]

PHP Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

HummerRisk versions up to 1.5.0 contain a path traversal vulnerability in the archive extraction functionality that allows authenticated remote attackers to read and write arbitrary files on the system. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability affects the extractTarGZ and extractZip functions in the common utilities library.

Java Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Local file disclosure in ImageMagick before 7.1.2-15 and 6.9.13-40 lets attackers bypass the path security policy (policy-secure.xml) using directory traversal, reading files a rule such as `/etc/*` was meant to block. Because the policy matcher evaluates the raw, unnormalized filename string before the OS resolves it, a traversal sequence slips past the deny rule while the kernel still opens the real sensitive file. No public exploit is identified at time of analysis and EPSS is very low (0.04%), but the bug undermines a control specifically deployed to harden image-processing pipelines that handle untrusted input.

Path Traversal Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in Dinky up to version 1.2.5 allows authenticated remote attackers to access arbitrary files on the system through manipulation of the projectName parameter in the GitRepository component. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can exploit this to read sensitive files or potentially escalate privileges within Java-based Dinky deployments.

Java Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Traccar GPS tracking system through version 6.11.1 allows authenticated users to conduct arbitrary file writes by setting device identifiers to absolute paths, which bypass path validation during image uploads. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with device management privileges could write files outside the intended media directory, potentially compromising system integrity.

Path Traversal Traccar
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in Dromara UJCMS 101.2 Template Handler allows authenticated remote attackers to manipulate the deleteDirectory function and access files outside intended directories. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. The attack requires valid credentials but can be executed remotely with minimal complexity.

Path Traversal Ujcms
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Path traversal in the pictureDelete function of feng_ha_ha/megagao ssm-erp and production_ssm allows authenticated remote attackers to manipulate the picName parameter and access arbitrary files on the system. Public exploit code exists for this vulnerability. No patch is currently available, and the developers have not responded to the disclosure.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Path traversal in the FileServiceImpl.deleteFile function of feng_ha_ha/megagao ssm-erp and production_ssm allows authenticated attackers to manipulate file deletion operations remotely. Public exploit code exists for this vulnerability, and the developer has not yet addressed the reported issue. An attacker with valid credentials could delete or access arbitrary files on the affected system.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Arbitrary host file exfiltration from Cloud Hypervisor VMM versions 34.0-50.0. CVSS 10.0. Patch available.

KVM Linux Information Disclosure +4
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Arbitrary file read vulnerability in GetSimple CMS affects all versions through its Uploaded Files feature, allowing unauthenticated remote attackers to access sensitive files on affected systems. Public exploit code exists for this vulnerability, and no patch is currently available. The high-severity flaw (CVSS 7.5) poses a significant confidentiality risk to all GetSimple CMS deployments.

Path Traversal Getsimple Cms
NVD GitHub
EPSS 16% CVSS 7.3
HIGH PATCH Act Now

Remote code execution in the MLflow Tracking Server allows unauthenticated attackers (PR:N) to abuse the artifact handler's path processing to read or write files outside the intended artifact root and ultimately run code as the server's service account. The flaw is a CWE-22 path traversal in artifact file-path handling reachable over the network with low complexity. No public exploit is identified at time of analysis, but the EPSS score of 15.58% (95th percentile) signals notably elevated near-term exploitation likelihood for an MLOps component frequently exposed on internal and cloud networks.

RCE Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

ADB Explorer through version 0.9.26020 fails to validate user-supplied directory paths, enabling local attackers to trigger recursive deletion of arbitrary filesystem directories including critical system and user folders. An attacker can exploit this by crafting a malicious shortcut or script that launches the application with a sensitive path argument, causing permanent data loss when the application processes the ClearDrag() function at startup or exit. Any user tricked into launching ADB Explorer via a weaponized shortcut or batch file faces complete loss of targeted directories such as Documents or user profile folders.

Path Traversal Microsoft Windows
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Spring Data Geode's snapshot import feature on Windows systems is vulnerable to path traversal attacks that enable attackers to write arbitrary files outside the intended extraction directory. Remote attackers can exploit this vulnerability without authentication to potentially overwrite critical system or application files. No patch is currently available.

Path Traversal Microsoft Java
NVD HeroDevs VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Authenticated attackers can traverse directory restrictions in Mitchell Bennis Simple File List versions up to 6.1.15 to read files outside intended directories, requiring valid credentials but no user interaction. This path traversal vulnerability impacts confidentiality but not system integrity or availability, with no patch currently available.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. [CVSS 7.5 HIGH]

WordPress Path Traversal PHP
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8. [CVSS 8.6 HIGH]

WordPress Path Traversal PHP
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. [CVSS 7.7 HIGH]

WordPress Path Traversal PHP
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0. [CVSS 8.6 HIGH]

WordPress Path Traversal PHP
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

primersoftware Primer MyData for Woocommerce primer-mydata contains a security vulnerability (CVSS 5.3).

WordPress Path Traversal PHP
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Murtaza Bhurgri Woo File Dropzone woo-file-dropzone allows Path Traversal.This issue affects Woo File Dropzone: from n/a through <= 1.1.7. [CVSS 7.7 HIGH]

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 100plugins Open User Map open-user-map allows Path Traversal.This issue affects Open User Map: from n/a through <= 1.4.16. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
EPSS 0% CVSS 2.3
LOW Monitor

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Calibre versions 9.2.1 and below allow authenticated users to write arbitrary files with any extension to any writable location via path traversal in PDB file readers, potentially enabling code execution or system compromise through file overwriting. The vulnerability affects both 132-byte and 202-byte PDB header variants and silently overwrites existing files without warning. Public exploit code exists and patches are available in version 9.3.0 and later.

Denial Of Service Path Traversal Calibre +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Remote code execution in Calibre 9.2.1 and earlier allows authenticated users to write arbitrary files via a path traversal flaw in the extract_pictures() function that fails to properly sanitize directory traversal sequences. On Windows systems, attackers can exploit this to write malicious payloads to the Startup folder, achieving code execution upon the next user login. Public exploit code exists for this vulnerability, and a patch is available in version 9.3.0.

Windows RCE Path Traversal +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Music Assistant Server 2.6.3 and below enables unauthenticated network-adjacent attackers to execute arbitrary code through path traversal in the playlist update API, which fails to enforce file extension restrictions and allows writing malicious Python files to site-packages. The vulnerability is particularly critical because affected containers typically run as root, amplifying the impact of successful exploitation. No patch is currently available, leaving installations at risk until an upgrade to version 2.7.0 or later is performed.

Python RCE Path Traversal +1
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

OpenClaw versions 2026.1.12 through 2026.2.13 contain a path traversal vulnerability in the browser download helper that allows authenticated users with CLI access or valid gateway RPC tokens to write files outside the intended temporary downloads directory. An attacker with these credentials can exploit unsanitized output paths to place arbitrary files on the system. Version 2026.2.13 and later contain the fix.

Path Traversal AI / ML Openclaw
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

OpenClaw versions prior to 2026.2.14 allow authenticated users to read arbitrary files from the Gateway host through path traversal in the browser tool's upload functionality. An attacker with valid Gateway credentials and browser tool permissions can supply absolute or traversal paths to bypass file access restrictions and access sensitive files. This vulnerability requires authentication and browser tool enablement but presents a high confidentiality risk to affected deployments.

Path Traversal AI / ML Openclaw
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenClaw's Feishu extension prior to version 2026.2.14 improperly handles `mediaUrl` parameters by treating attacker-controlled values as local filesystem paths, enabling unauthorized file read access. An attacker who can influence tool calls through direct manipulation or prompt injection could exfiltrate sensitive files like `/etc/passwd`. This high-severity path traversal vulnerability (CWE-22) is resolved in version 2026.2.14 and later, which implements proper access controls and routes media loading through hardened helpers.

Path Traversal AI / ML Openclaw
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. [CVSS 7.5 HIGH]

Path Traversal Xm Fax
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Penpot before version 2.13.2 contains a path traversal vulnerability in the font creation endpoint that allows authenticated users with team edit permissions to read arbitrary files from the server filesystem. By supplying local file paths such as `/etc/passwd` as font data, attackers can retrieve sensitive files including system configuration, application secrets, and credentials. Public exploit code exists for this vulnerability, which could enable further server compromise depending on the Penpot process permissions.

Path Traversal Information Disclosure Penpot
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Arbitrary file read and server-side request forgery in Hyland Alfresco Transformation Service (and the underlying Alfresco Transform Core, including 5.3.0-alpha1) allow unauthenticated remote attackers to read arbitrary files and coerce the server into making outbound requests via absolute path traversal. Hyland has published a coordinated security advisory (CVE-2026-26337/26338/26339). No public exploit has been identified at time of analysis and the EPSS probability is low (0.12%), but the network-facing, unauthenticated nature makes this a meaningful exposure for internet-reachable transform components.

SSRF Path Traversal Alfresco Transform Core +1
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Unauthenticated remote file read in Echo web framework versions 5.0.0-5.0.2 on Windows allows attackers to traverse outside the static root directory and access arbitrary files via backslash path sequences in requests. The vulnerability stems from improper path normalization where path.Clean() does not treat backslashes as separators, but the underlying os.Open() call on Windows does, enabling directory traversal. Public exploit code exists for this medium-severity vulnerability, though a patch is available in version 5.0.3.

Windows Golang Path Traversal +2
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Dell Unisphere for PowerMax 10.2 contains a relative path traversal flaw that allows authenticated remote attackers to modify critical system files without user interaction. The vulnerability affects systems with low-privileged user accounts and carries high integrity and availability impact, though no patch is currently available. With an EPSS score of 0.1%, exploitation likelihood remains low despite the HIGH severity rating.

Path Traversal Unisphere For Powermax
NVD
EPSS 0%
Monitor

Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests

Path Traversal
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in CyreneAdmin's image handler endpoint allows authenticated attackers to read arbitrary files on the server through manipulation of the Avatar parameter. The vulnerability affects versions up to 1.3.0 and requires valid user credentials to exploit, limiting the attack surface to authenticated users. Public exploit code exists and no patch is currently available.

Path Traversal Cyreneadmin
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Tsinghua Unigroup Electronic Archives System 3.2.210802 contains a path traversal vulnerability in the download functionality that allows authenticated remote attackers to read arbitrary files on the affected system. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it accessible to any authenticated user with network access.

Path Traversal Electronic Archives System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in Tsinghua Unigroup Electronic Archives System 3.2.210802 allows authenticated remote attackers to read arbitrary files through manipulation of the path parameter in the /Search/Subject/downLoad function. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it a practical risk for organizations using this system.

Path Traversal Electronic Archives System
NVD GitHub VulDB
EPSS 2% CVSS 7.5
HIGH POC This Week

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. [CVSS 7.5 HIGH]

Path Traversal Gsoap Suse
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH POC This Week

Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. [CVSS 7.5 HIGH]

Windows Path Traversal
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Unauthenticated attackers can read arbitrary files from InvoicePlane servers through path traversal in the Guest controller's file retrieval function, potentially exposing database credentials and other sensitive configuration data. This vulnerability affects InvoicePlane versions up to 1.6.3 and has public exploit code available. Version 1.6.4 resolves the issue.

Path Traversal Invoiceplane
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Directory traversal in Rack versions prior to 2.2.22, 3.1.20, and 3.2.5 allows unauthenticated remote attackers to list directories outside the configured root by exploiting a string prefix matching flaw in path validation. An attacker can craft requests with path traversal sequences to enumerate sensitive directories if the target path shares a common prefix with the configured root directory. Public exploit code exists for this vulnerability.

Rack Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 3.5
LOW Monitor

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. [CVSS 3.5 LOW]

Path Traversal Splunk Splunk Cloud Platform
NVD
EPSS 0%
Monitor

Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service.

Windows Path Traversal
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

Arbitrary file deletion in WP-DownloadManager plugin versions up to 1.69 allows high-privileged WordPress administrators to bypass path validation and remove critical system files through directory traversal in the file deletion parameter. Deletion of essential files like wp-config.php can result in remote code execution or complete site compromise. No patch is currently available.

WordPress PHP RCE +1
NVD GitHub
EPSS 0% CVSS 2.7
LOW Monitor

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. [CVSS 2.7 LOW]

WordPress Path Traversal
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in Blossom up to version 1.17.1 file upload functionality allows authenticated remote attackers to access arbitrary files on affected systems. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Java Path Traversal File Upload
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Arbitrary file deletion in Dell Avamar Server and Virtual Edition versions before 19.10 SP1 with CHF338912 stems from improper path traversal validation in the security module. High-privileged remote attackers can exploit this vulnerability to delete files on affected systems, though no patch is currently available.

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. [CVSS 4.7 MEDIUM]

Path Traversal Information Disclosure
NVD
EPSS 0% CVSS 9.4
CRITICAL Act Now

Path traversal in Rocket TRUfusion Enterprise through 7.10.5 via /axis2/services endpoint allows authenticated attackers to read and write arbitrary files on the host. EPSS 0.32%.

RCE Path Traversal Trufusion Enterprise
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Path traversal in ZenTao's editor component (versions up to 21.7.8) allows authenticated attackers to manipulate the filePath parameter and access files outside intended directories. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems vulnerable to unauthorized file access and potential information disclosure.

PHP Path Traversal Zentao
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

ZenTao versions up to 21.7.8 contain a path traversal vulnerability in the backup handler that allows authenticated attackers to manipulate file parameters and access or delete arbitrary files on the affected system. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be executed remotely without user interaction.

PHP Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Arbitrary PHP code execution in the Flexi Product Slider and Grid for WooCommerce WordPress plugin through version 1.0.5 allows authenticated contributors to exploit unsanitized file path parameters in the flexipsg_carousel shortcode to include and execute arbitrary files on the server. The vulnerability requires an attacker with Contributor-level access or above to create posts containing malicious shortcodes, but carries high risk due to lack of input validation on the theme parameter enabling local file inclusion attacks. No patch is currently available for this vulnerability.

WordPress PHP LFI +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The BFG Tools - Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied `first_file` parameter in the `zip()` function. [CVSS 4.9 MEDIUM]

WordPress PHP Path Traversal
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Authenticated users in lakeFS prior to version 1.77.0 can exploit path traversal vulnerabilities in the local block adapter to read and write files outside their intended storage boundaries by bypassing insufficient prefix validation checks. An attacker with valid credentials can manipulate object identifiers and path sequences to access sibling directories and storage namespaces they should not have access to. A patch is available in version 1.77.0 and later.

Path Traversal Lakefs Suse
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM POC PATCH This Month

Path traversal in Tandoor Recipes prior to 2.5.1 allows authenticated users with import permissions to read arbitrary files from the server by manipulating file paths during recipe import operations. An attacker could access sensitive system files like /etc/passwd or application configuration files, potentially leading to full system compromise. Public exploit code exists for this vulnerability.

Path Traversal Recipes
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. [CVSS 7.5 HIGH]

Path Traversal Bacnet Stack
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Zip slip to RCE in MojoPortal CMS v2.9.0.1 via /DesignTools/SkinList.aspx. Malicious ZIP archives write files outside extraction directory, enabling code execution. CVSS 10.0.

Path Traversal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. [CVSS 7.5 HIGH]

AWS Path Traversal
NVD Exploit-DB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Arbitrary local file disclosure in Crawl4AI's Docker API (versions before 0.8.0) lets unauthenticated remote attackers read any file on the server by supplying file:// URLs to the /execute_js, /screenshot, /pdf, and /html endpoints. Because the API validates no scheme, an attacker can exfiltrate /etc/passwd, /etc/shadow, application config, and process environment via /proc/self/environ - directly exposing credentials and API keys. Publicly documented in GitHub advisory GHSA-vx9w-5cx4-9796 with a working request example; no public exploit identified as active exploitation, and EPSS is low (0.06%, 19th percentile).

Docker Crawl4ai Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older. [CVSS 7.5 HIGH]

Path Traversal Dna
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Arbitrary file write vulnerability in Apple's macOS, iOS, iPadOS, and Safari resulting from improper path handling logic allows remote attackers to write files without authentication or user interaction. Affected versions include macOS Tahoe 26.3 and earlier, macOS Sonoma 14.8.4 and earlier, iOS 18.7.5 and earlier, and Safari 26.3 and earlier. No patch is currently available for this high-severity vulnerability.

Apple Path Traversal
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper path validation in Apple's macOS, iOS, and visionOS allows local attackers to bypass directory access restrictions and read sensitive user data through crafted file paths. An authenticated user with local access can exploit this parsing weakness without user interaction to access confidential information. No patch is currently available for this vulnerability.

Apple Path Traversal
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper path validation in macOS and visionOS allows local attackers with user interaction to read sensitive user data through directory path manipulation. The vulnerability affects macOS Sequoia 15.7.3 and earlier, macOS Sonoma 14.8.3 and earlier, macOS Tahoe 26.2 and earlier, and visionOS 26.2 and earlier. No patch is currently available.

Apple Path Traversal
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Apple macOS, iOS, and iPadOS through improper path validation allows authenticated attackers to gain root privileges on affected devices. The vulnerability requires local access and user interaction is not required, making it exploitable by malicious applications already present on the system. No patch is currently available for this high-severity flaw affecting multiple Apple operating systems.

Apple Path Traversal
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper path validation in macOS (Sequoia 15.7.3 and earlier, Tahoe 26.2 and earlier, Sonoma 14.8.3 and earlier) permits local authenticated users to escalate privileges to root through a malicious application. This path traversal vulnerability (CWE-22) has a CVSS score of 7.8 and currently lacks a publicly available patch.

Apple Path Traversal
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. [CVSS 5.5 MEDIUM]

Apple Path Traversal
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. [CVSS 5.5 MEDIUM]

Apple Path Traversal Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Outline versions prior to 1.4.0 fail to validate attachment file paths during JSON import, allowing authenticated attackers with high privileges to traverse the directory structure and read arbitrary files from the server. Public exploit code exists for this path traversal vulnerability, and no patch is currently available for affected deployments.

Path Traversal Outline
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files. [CVSS 7.5 HIGH]

Path Traversal
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.5
HIGH This Week

Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function. [CVSS 7.5 HIGH]

Path Traversal Opensatkit
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Path traversal in nanotar npm package through 0.2.0. The parseTar() and parseTarGzip() functions allow attackers to write files outside the extraction directory.

Path Traversal Nanotar
NVD GitHub
Prev Page 17 of 86 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy