Skip to main content

Path Traversal

7729 CVEs technique

Monthly

CVE-2026-25869 MEDIUM This Month

MiniGal Nano 0.3.5 and earlier are vulnerable to a path traversal attack in the dir parameter that bypasses insufficient dot-dot sequence filtering, allowing unauthenticated remote attackers to access and enumerate image files from arbitrary filesystem locations readable by the web server. This results in confidential information disclosure from unintended directories. No patch is currently available.

PHP Path Traversal Information Disclosure Minigal Nano
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-64075 CRITICAL Act Now

Authentication bypass via path traversal in ZBT WE2001 router's check_token function. EPSS 0.69% — crafted requests bypass authentication entirely. CVSS 10.0.

Industrial Authentication Bypass Path Traversal
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2026-22894 MEDIUM This Month

File Station 6 contains a path traversal vulnerability that allows authenticated attackers to read arbitrary files and system data on affected systems. An attacker with valid user credentials can exploit this flaw to access sensitive information beyond intended restrictions. No patch is currently available for File Station 6, though File Station 5.5.6.5190 and later versions have been remediated.

Path Traversal File Station
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-68406 MEDIUM This Month

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-66278 MEDIUM This Month

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal File Station
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-62856 MEDIUM This Month

A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.4 MEDIUM]

Path Traversal File Station
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-62855 MEDIUM This Month

A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.4 MEDIUM]

Path Traversal File Station
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-62853 MEDIUM This Month

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal File Station
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-58470 MEDIUM This Month

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-58467 MEDIUM This Month

A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-54162 MEDIUM This Month

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.9 MEDIUM]

Path Traversal File Station
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-1357 CRITICAL POC Act Now

Unauthenticated arbitrary file upload in WPvivid Backup & Migration WordPress plugin. EPSS 0.44%.

WordPress PHP OpenSSL RCE Path Traversal
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-25872 MEDIUM This Month

Unauthenticated path traversal in JUNG Smart Panel KNX firmware L1.12.22 and earlier allows remote attackers to read arbitrary files from the device's filesystem through the web interface. An attacker can leverage insufficient input validation to access sensitive system configuration and other confidential data without requiring authentication. No patch is currently available for this vulnerability.

Path Traversal
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-0651 MEDIUM This Month

TP-Link Tapo C260 v1 firmware contains a path traversal vulnerability in HTTPS GET request handling that allows local network attackers to probe filesystem paths and determine file existence without authentication. While the vulnerability does not permit file read, write, or code execution, it enables information disclosure about the device's filesystem structure to unauthenticated local users. No patch is currently available.

TP-Link Path Traversal RCE
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-12757 MEDIUM This Month

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. [CVSS 4.6 MEDIUM]

Path Traversal Camera Station Pro
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-15314 MEDIUM This Month

Tanium addressed an arbitrary file deletion vulnerability in end-user-cx. [CVSS 5.5 MEDIUM]

Path Traversal End User Cx
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-15313 MEDIUM This Month

Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS. [CVSS 5.5 MEDIUM]

Path Traversal Euss
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-25951 npm HIGH PATCH This Week

Remote code execution in FUXA prior to 1.2.11 allows authenticated administrators to bypass path traversal protections using nested directory sequences, enabling arbitrary file writes to the server filesystem. An attacker with admin privileges can inject malicious scripts into runtime directories that execute when the server reloads, achieving complete system compromise. Update to version 1.2.11 or later to remediate.

SCADA RCE Path Traversal Fuxa
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-25895 npm CRITICAL POC PATCH Act Now

FUXA SCADA has a path traversal vulnerability — ninth critical vulnerability enabling arbitrary file access on SCADA servers.

SCADA Path Traversal Fuxa
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-15318 MEDIUM This Month

Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. [CVSS 5.5 MEDIUM]

Path Traversal End User Notifications
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-25057 CRITICAL PATCH Act Now

MarkUs grading platform prior to 2.9.1 has a path traversal enabling students to access other students' submissions or grading data.

Path Traversal Markus
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-22905 HIGH This Week

Insufficient URI validation in CGI endpoints permits unauthenticated attackers to bypass authentication controls through path traversal techniques, enabling direct access to protected administrative functions and configuration files. An attacker can exploit this remotely without credentials to retrieve sensitive data and potentially modify system settings. No patch is currently available for this vulnerability.

Authentication Bypass Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2216 LOW Monitor

Path traversal in rachelos WeRSS plugin versions up to 1.4.8 allows authenticated remote attackers to access arbitrary files through manipulation of the filename parameter in the download_export_file function. Public exploit code exists for this vulnerability. The issue requires valid credentials but has a low complexity attack surface, affecting file confidentiality without requiring user interaction.

Path Traversal
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2111 LOW POC Monitor

Path traversal in JeecgBoot's Retrieval-Augmented Generation Module (versions up to 3.9.0) allows authenticated remote attackers to access arbitrary files through manipulation of the filePath parameter in the /airag/knowledge/doc/edit endpoint. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Path Traversal Jeecg Boot
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-25760 Go MEDIUM POC PATCH This Month

Authenticated operators in Sliver C2 framework versions prior to 1.6.11 can read arbitrary files on the server through a path traversal vulnerability in the website content subsystem, potentially exposing sensitive credentials, configurations, and cryptographic keys. Public exploit code exists for this vulnerability. The issue is resolved in version 1.6.11 and later.

Wireguard Path Traversal Sliver Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25732 PyPI HIGH POC PATCH GHSA This Week

Path traversal in NiceGUI before 3.7.0 allows remote attackers to write arbitrary files outside intended directories by exploiting unsanitized filename metadata in the FileUpload.name property, potentially leading to remote code execution when developers incorporate this value directly into file paths. Public exploit code exists for this vulnerability, affecting applications using common patterns like concatenating user-supplied filenames with upload directories. Developers are only protected if they use fixed paths, generate filenames server-side, or explicitly sanitize user input.

Python RCE Path Traversal Nicegui
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25636 HIGH POC PATCH This Week

Calibre 9.1.0 and earlier contains a path traversal vulnerability in EPUB conversion that allows malicious EPUB files to corrupt or modify arbitrary files writable by the Calibre process. The vulnerability exploits improper handling of CipherReference URIs in encryption metadata, enabling attackers to write outside the intended extraction directory. Public exploit code exists for this high-severity issue, which is patched in version 9.2.0.

Path Traversal Calibre Red Hat Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-25635 HIGH POC PATCH This Week

Remote code execution in Calibre prior to version 9.2.0 through a path traversal flaw in the CHM reader allows local attackers to write arbitrary files with user permissions, enabling payload execution via the Windows Startup folder. Public exploit code exists for this vulnerability. Windows users should upgrade to Calibre 9.2.0 or later to remediate the risk.

Windows RCE Path Traversal Calibre Red Hat +1
NVD GitHub
CVSS 3.1
8.6
EPSS
0.2%
CVE-2026-25640 PyPI MEDIUM PATCH This Month

Pydantic AI versions 1.34.0 through 1.50.x contain a path traversal vulnerability in the web UI that allows unauthenticated attackers to inject arbitrary JavaScript by manipulating the CDN version parameter in a malicious URL. When a victim visits the crafted link, attacker-controlled code executes in their browser, enabling theft of chat history and other sensitive client-side data. No patch is currently available.

Python Path Traversal Pydantic Ai
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-24135 Go HIGH PATCH This Week

Arbitrary file deletion in Gogs 0.13.3 and earlier allows authenticated repository contributors to exploit a path traversal flaw in the wiki page update function, enabling deletion of arbitrary files on the affected server. An attacker with wiki write access can manipulate the old_title parameter to traverse the filesystem and remove critical files. No patch is currently available for this high-severity vulnerability (CVSS 8.1).

Path Traversal Gogs Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-23633 Go MEDIUM POC PATCH This Month

Gogs versions 0.13.3 and earlier are vulnerable to arbitrary file read and write operations through path traversal in the Git hook editing functionality, affecting self-hosted installations. An authenticated attacker with high privileges can exploit this vulnerability to access or modify files outside the intended directory. Public exploit code exists for this vulnerability, and no patch is currently available.

Path Traversal Gogs Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-1499 HIGH This Week

WP Duplicate WordPress plugin has a missing authorization vulnerability leading to arbitrary file deletion that can destroy the WordPress installation.

WordPress RCE Authentication Bypass Path Traversal File Upload
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-15328 MEDIUM This Month

Tanium addressed an improper link resolution before file access vulnerability in Enforce. [CVSS 5.0 MEDIUM]

Path Traversal Enforce
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-15324 MEDIUM This Month

Tanium addressed a documentation issue in Engage. [CVSS 6.6 MEDIUM]

Path Traversal Engage
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-69619 MEDIUM POC This Month

A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. [CVSS 5.0 MEDIUM]

Denial Of Service Path Traversal My Teditor
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-1523 Monitor

Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, thet is, 'http://<host>/..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'.

Path Traversal Information Disclosure
NVD
EPSS
0.1%
CVE-2026-1246 MEDIUM This Month

Arbitrary file read in ShortPixel Image Optimizer plugin for WordPress through path traversal in the loadLogFile AJAX action allows authenticated users with Editor-level privileges or higher to access sensitive server files including database credentials. The vulnerability exists in versions up to 6.4.2 due to insufficient path validation on the loadFile parameter, and no patch is currently available.

WordPress Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-22873 Go LOW PATCH Monitor

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. [CVSS 3.8 LOW]

Path Traversal Go
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-25575 HIGH POC PATCH This Week

Navigatum contains a vulnerability that allows attackers to overwrite files in directories writable by the application user (e (CVSS 7.5).

Path Traversal Navigatum
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25475 npm MEDIUM POC PATCH This Month

OpenClaw versions prior to 2026.1.30 suffer from a path traversal vulnerability in the isValidMedia() function that permits authenticated agents to read arbitrary files on the system by crafting malicious MEDIA output directives. An attacker with agent access can leverage this flaw to exfiltrate sensitive data accessible to the application process. Public exploit code exists for this vulnerability, and no patch is currently available.

Path Traversal AI / ML Openclaw
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-25161 Go HIGH POC PATCH GHSA This Week

Path traversal in Alist prior to version 3.57.0 allows authenticated users to manipulate filename parameters and bypass directory restrictions within the same storage mount. Attackers can exploit this vulnerability to perform unauthorized file operations including deletion, movement, and copying across user boundaries. Public exploit code exists for this vulnerability.

Path Traversal Alist Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25145 Go MEDIUM PATCH This Month

Melange versions 0.14.0 through 0.40.2 allow local attackers with configuration file control to read arbitrary files from the host system through path traversal in license file path validation, potentially exfiltrating sensitive data embedded in generated SBOMs. This vulnerability affects build pipeline scenarios where configuration is user-controlled, such as pull request-driven CI or build-as-a-service environments. A patch is available in version 0.40.3.

Golang Path Traversal Melange Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24884 npm HIGH POC PATCH This Week

Compressing library versions 1.10.3 and prior, and 2.0.0 fail to validate symbolic link targets during TAR archive extraction, allowing attackers to write files to arbitrary locations on the filesystem. Public exploit code exists for this vulnerability, which could enable overwriting critical system files or establishing persistence. Patched versions 1.10.4 and 2.0.1 are available.

Path Traversal Compressing
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-24843 Go HIGH PATCH This Week

Melange versions 0.11.3 through 0.40.2 suffer from a path traversal vulnerability in the retrieveWorkspace function that fails to validate tar entry paths, allowing an attacker with control over a QEMU guest VM's tar stream to write arbitrary files outside the intended workspace directory on the host system. An attacker exploiting this vulnerability could achieve arbitrary file write capabilities on the host machine, potentially leading to system compromise. A patch is available in version 0.40.3 and later.

Path Traversal Melange Suse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-25121 Go HIGH PATCH This Week

Apko versions up to 1.1.1 contains a vulnerability that allows attackers to build and publish OCI container images built from apk packages (CVSS 7.5).

Golang Path Traversal Apko Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64712 PyPI CRITICAL PATCH Act Now

The unstructured Python library for document ingestion has a path traversal vulnerability allowing arbitrary file read/write during document processing.

Path Traversal Unstructured
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-15487 MEDIUM This Month

The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. [CVSS 4.9 MEDIUM]

WordPress Path Traversal PHP
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-20986 MEDIUM This Month

Samsung Members versions prior to 15.5.05.4 contain a path traversal vulnerability that enables local attackers to overwrite arbitrary data within the application. This vulnerability requires local access and valid user credentials but does not provide read access to sensitive information. No patch is currently available to address this issue.

Samsung Path Traversal Members
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20982 MEDIUM This Month

Android ShortcutService path traversal vulnerability prior to the February 2026 SMR Release 1 enables privileged local attackers to create files with system-level privileges. The vulnerability requires high-level authentication and does not affect confidentiality significantly, but could allow attackers to modify system files or degrade availability. No patch is currently available.

Path Traversal Android
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-69620 MEDIUM POC This Month

A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. [CVSS 5.0 MEDIUM]

Denial Of Service Path Traversal Office Reader
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-1812 LOW POC Monitor

Path traversal in Bolo Solo up to version 2.6.4 allows authenticated attackers to manipulate file path arguments in the backup import function, potentially accessing or modifying arbitrary files on the affected system. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. The attack requires valid credentials but can be executed remotely over the network.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-1811 LOW POC Monitor

Path traversal in Bolo Solo's importFromMarkdown function allows authenticated attackers to manipulate file paths and access arbitrary files on affected systems. The vulnerability affects Bolo Solo versions up to 2.6.4 and requires valid credentials but no user interaction to exploit. Public exploit code exists for this vulnerability, and no patch is currently available.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2020-37088 HIGH POC This Week

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. [CVSS 7.5 HIGH]

PHP Path Traversal School Erp Pro
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
5.4%
CVE-2020-37086 MEDIUM POC This Month

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. [CVSS 6.2 MEDIUM]

Path Traversal
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
1.3%
CVE-2020-37082 CRITICAL POC Act Now

webERP 4.15.1 has an unauthenticated file access vulnerability allowing remote attackers to download sensitive files including configuration and database credentials.

Path Traversal Information Disclosure Weberp
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2020-37077 MEDIUM POC This Month

Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. [CVSS 6.5 MEDIUM]

PHP Path Traversal
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-24053 npm MEDIUM PATCH This Month

Claude Code versions prior to 2.0.74 allow authenticated users to write files outside designated directories by exploiting inadequate Bash command validation in ZSH clobber syntax parsing. An attacker with the ability to inject malicious content into a Claude Code context window on a ZSH-based system can bypass file restrictions and achieve unauthorized file writes without triggering user permission prompts. This vulnerability requires user interaction and ZSH environment configuration, making it suitable for supply chain or prompt injection attacks against Claude Code users.

Path Traversal AI / ML Claude Code
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1810 LOW POC Monitor

Path traversal in Bolo Solo up to version 2.6.4 allows authenticated attackers to manipulate ZIP file extraction operations in the BackupService component, potentially reading or writing arbitrary files on the affected system. Public exploit code is available for this vulnerability, and the vendor has not yet provided a patch despite early notification.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-65077 Monitor

A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

Path Traversal
NVD
EPSS
0.1%
CVE-2025-69431 MEDIUM POC This Month

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. [CVSS 6.1 MEDIUM]

Path Traversal Q2c Firmware
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-69430 MEDIUM POC This Month

An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 (version equal to or prior to V1.9.12), DM3 (version equal to or prior to V1.9.12), and DM200 (version equal to or prior to V1.2.23) that could be exploited by attackers to leak or tamper with the internal file system. [CVSS 6.1 MEDIUM]

Path Traversal Dm2 Firmware Dm200 Firmware Dm3 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-69429 MEDIUM POC This Month

The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. [CVSS 6.1 MEDIUM]

Path Traversal Cd3510 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-63372 MEDIUM This Month

Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents. [CVSS 4.3 MEDIUM]

Path Traversal Zip Rar Extractor Tool
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-61658 LOW Monitor

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php.

PHP Path Traversal
NVD
CVSS 4.0
1.3
EPSS
0.1%
CVE-2025-61646 LOW Monitor

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php.

PHP Path Traversal
NVD VulDB
CVSS 4.0
1.2
EPSS
0.1%
CVE-2025-61647 LOW Monitor

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php.

PHP Path Traversal
NVD
CVSS 4.0
0.4
EPSS
0.1%
CVE-2025-61641 LOW Monitor

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php.

PHP Path Traversal
NVD VulDB
CVSS 4.0
1.7
EPSS
0.0%
CVE-2025-61634 LOW Monitor

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php.

PHP Path Traversal
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-25228 npm MEDIUM POC PATCH This Month

Signal K Server versions prior to 2.20.3 on Windows contain a path traversal vulnerability in the applicationData API that allows authenticated users to read, write, and list arbitrary files by bypassing directory validation using backslashes. The vulnerability exists because the validateAppId() function only blocks forward slashes, allowing attackers to escape the intended applicationData directory through Windows path semantics. Public exploit code exists for this medium-severity flaw, and a patch is available in version 2.20.3.

Windows Path Traversal Signal K Server
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-25059 Go HIGH POC PATCH This Week

OpenList Frontend versions prior to 4.1.10 contain a path traversal vulnerability in file operation handlers that allows authenticated users to bypass directory restrictions and access other users' files on the same storage mount. An attacker can exploit this by injecting ".." sequences into filename parameters to perform unauthorized file operations including deletion, renaming, and copying across user boundaries. Public exploit code exists for this vulnerability, which is resolved in version 4.1.10.

Path Traversal Openlist Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-66480 CRITICAL PATCH Act Now

Critical path traversal in Wildfire IM instant messaging server before 1.4.3 allows unauthenticated access to arbitrary files. EPSS 0.25%, patch available.

RCE Path Traversal Im Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-14914 HIGH This Week

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. [CVSS 7.6 HIGH]

IBM Path Traversal Websphere Application Server RCE
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-1703 PyPI PATCH Monitor

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.

Path Traversal
NVD GitHub VulDB
EPSS
0.0%
CVE-2026-1186 Monitor

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x.

Path Traversal
NVD
EPSS
0.1%
CVE-2022-50950 MEDIUM This Month

Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-47921 MEDIUM This Month

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2026-25069 CRITICAL POC Act Now

Unauthenticated arbitrary file read and delete in SunFounder's Pironman Dashboard (pm_dashboard) 1.3.13 and earlier lets remote attackers abuse a path-traversal flaw in the log-file API to exfiltrate sensitive files and destroy critical system files. The dashboard runs on Raspberry Pi power/cooling hardware, so a successful attack can disclose configuration/secrets and cause data loss or denial of service. Publicly available exploit code exists; no active exploitation is confirmed, and EPSS remains low (0.20%).

Denial Of Service Path Traversal
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2020-37041 PyPI HIGH POC This Week

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. [CVSS 7.5 HIGH]

Linux Windows Path Traversal Opencti
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-37034 HIGH POC This Week

HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files. [CVSS 7.5 HIGH]

Path Traversal
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-25152 npm MEDIUM PATCH This Month

Backstage TechDocs plugin versions prior to 1.13.11 and 1.14.1 contain a path traversal vulnerability that allows authenticated attackers to read arbitrary files from the host filesystem when the local generator is enabled. The vulnerability stems from insufficient symlink validation during the documentation build process, enabling attackers to embed sensitive file contents into generated HTML accessible to documentation viewers. Organizations using `techdocs.generator.runIn: local` with untrusted documentation sources are at risk until patching to the fixed versions.

Node.js Docker Path Traversal Backstage Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22625 MEDIUM This Month

HIKSEMI NAS devices improperly validate filenames, allowing attackers with physical access to traverse directory structures and read sensitive system files. This vulnerability affects confidentiality but requires local presence and no authentication, making it a risk primarily in physically accessible environments. No patch is currently available for this issue.

Path Traversal
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-0963 CRITICAL Act Now

Path traversal in Crafty Controller game server management allows authenticated attackers to read/write files outside the intended directory. CVSS 9.9 with scope change.

RCE Path Traversal Crafty Controller
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-0805 HIGH This Week

Remote code execution in Crafty Controller's Backup Configuration feature results from insufficient path traversal validation, enabling authenticated attackers to manipulate files and execute arbitrary code on affected systems. The vulnerability requires valid credentials and specific conditions to exploit but carries high impact due to its ability to compromise system integrity and confidentiality. No patch is currently available.

RCE Path Traversal Crafty Controller
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-25116 HIGH POC This Week

Runtipi versions 4.5.0 through 4.7.1 contain an unauthenticated path traversal vulnerability in the UserConfigController that allows remote attackers to overwrite the docker-compose.yml configuration file through insecure URN parsing. An attacker can inject a malicious stack configuration that executes arbitrary code when the instance restarts, achieving full remote code execution and host compromise. Public exploit code exists and no patch is currently available.

Docker RCE Path Traversal Runtipi
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-24846 Go MEDIUM PATCH This Month

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. [CVSS 5.5 MEDIUM]

Path Traversal Malcontent Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24687 NuGet MEDIUM PATCH This Month

Authenticated users in Umbraco Forms versions 16 and 17 can exploit a path traversal vulnerability to read arbitrary files on Mac and Linux systems running the CMS. An attacker with backoffice access can enumerate and access sensitive files through the export endpoint by manipulating the fileName parameter. No patch is currently available, though the vulnerability is mitigated by restricting backoffice access and blocking path traversal sequences at the WAF level.

Linux Path Traversal Umbraco Forms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15543 MEDIUM This Month

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files. [CVSS 4.6 MEDIUM]

Path Traversal Vx800v Firmware
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-15541 MEDIUM This Month

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk. [CVSS 6.3 MEDIUM]

Path Traversal Vx800v Firmware
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2020-37015 HIGH POC This Week

Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. [CVSS 7.5 HIGH]

Path Traversal
NVD Exploit-DB VulDB
CVSS 4.0
7.1
EPSS
0.4%
CVE-2026-1616 HIGH PATCH This Week

Open Security Issue Management (OSIM) prior to v2025.9.0 contains a path traversal vulnerability in its nginx configuration that improperly concatenates URI and query string parameters, allowing unauthenticated remote attackers to access unauthorized files and directories. The vulnerability affects both OSIM and Nginx deployments using vulnerable configurations, enabling information disclosure through crafted query parameters. A patch is available for affected versions.

Nginx Path Traversal Open Security Issue Management
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 6.9
MEDIUM This Month

MiniGal Nano 0.3.5 and earlier are vulnerable to a path traversal attack in the dir parameter that bypasses insufficient dot-dot sequence filtering, allowing unauthenticated remote attackers to access and enumerate image files from arbitrary filesystem locations readable by the web server. This results in confidential information disclosure from unintended directories. No patch is currently available.

PHP Path Traversal Information Disclosure +1
NVD VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

Authentication bypass via path traversal in ZBT WE2001 router's check_token function. EPSS 0.69% — crafted requests bypass authentication entirely. CVSS 10.0.

Industrial Authentication Bypass Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

File Station 6 contains a path traversal vulnerability that allows authenticated attackers to read arbitrary files and system data on affected systems. An attacker with valid user credentials can exploit this flaw to access sensitive information beyond intended restrictions. No patch is currently available for File Station 6, though File Station 5.5.6.5190 and later versions have been remediated.

Path Traversal File Station
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal Qsync Central
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal File Station
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.4 MEDIUM]

Path Traversal File Station
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.4 MEDIUM]

Path Traversal File Station
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal File Station
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal Qsync Central
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 6.5 MEDIUM]

Path Traversal Qsync Central
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. [CVSS 4.9 MEDIUM]

Path Traversal File Station
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Unauthenticated arbitrary file upload in WPvivid Backup & Migration WordPress plugin. EPSS 0.44%.

WordPress PHP OpenSSL +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated path traversal in JUNG Smart Panel KNX firmware L1.12.22 and earlier allows remote attackers to read arbitrary files from the device's filesystem through the web interface. An attacker can leverage insufficient input validation to access sensitive system configuration and other confidential data without requiring authentication. No patch is currently available for this vulnerability.

Path Traversal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

TP-Link Tapo C260 v1 firmware contains a path traversal vulnerability in HTTPS GET request handling that allows local network attackers to probe filesystem paths and determine file existence without authentication. While the vulnerability does not permit file read, write, or code execution, it enables information disclosure about the device's filesystem structure to unauthenticated local users. No patch is currently available.

TP-Link Path Traversal RCE
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. [CVSS 4.6 MEDIUM]

Path Traversal Camera Station Pro
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Tanium addressed an arbitrary file deletion vulnerability in end-user-cx. [CVSS 5.5 MEDIUM]

Path Traversal End User Cx
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS. [CVSS 5.5 MEDIUM]

Path Traversal Euss
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Remote code execution in FUXA prior to 1.2.11 allows authenticated administrators to bypass path traversal protections using nested directory sequences, enabling arbitrary file writes to the server filesystem. An attacker with admin privileges can inject malicious scripts into runtime directories that execute when the server reloads, achieving complete system compromise. Update to version 1.2.11 or later to remediate.

SCADA RCE Path Traversal +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

FUXA SCADA has a path traversal vulnerability — ninth critical vulnerability enabling arbitrary file access on SCADA servers.

SCADA Path Traversal Fuxa
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. [CVSS 5.5 MEDIUM]

Path Traversal End User Notifications
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

MarkUs grading platform prior to 2.9.1 has a path traversal enabling students to access other students' submissions or grading data.

Path Traversal Markus
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Insufficient URI validation in CGI endpoints permits unauthenticated attackers to bypass authentication controls through path traversal techniques, enabling direct access to protected administrative functions and configuration files. An attacker can exploit this remotely without credentials to retrieve sensitive data and potentially modify system settings. No patch is currently available for this vulnerability.

Authentication Bypass Path Traversal
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Path traversal in rachelos WeRSS plugin versions up to 1.4.8 allows authenticated remote attackers to access arbitrary files through manipulation of the filename parameter in the download_export_file function. Public exploit code exists for this vulnerability. The issue requires valid credentials but has a low complexity attack surface, affecting file confidentiality without requiring user interaction.

Path Traversal
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in JeecgBoot's Retrieval-Augmented Generation Module (versions up to 3.9.0) allows authenticated remote attackers to access arbitrary files through manipulation of the filePath parameter in the /airag/knowledge/doc/edit endpoint. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Path Traversal Jeecg Boot
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Authenticated operators in Sliver C2 framework versions prior to 1.6.11 can read arbitrary files on the server through a path traversal vulnerability in the website content subsystem, potentially exposing sensitive credentials, configurations, and cryptographic keys. Public exploit code exists for this vulnerability. The issue is resolved in version 1.6.11 and later.

Wireguard Path Traversal Sliver +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Path traversal in NiceGUI before 3.7.0 allows remote attackers to write arbitrary files outside intended directories by exploiting unsanitized filename metadata in the FileUpload.name property, potentially leading to remote code execution when developers incorporate this value directly into file paths. Public exploit code exists for this vulnerability, affecting applications using common patterns like concatenating user-supplied filenames with upload directories. Developers are only protected if they use fixed paths, generate filenames server-side, or explicitly sanitize user input.

Python RCE Path Traversal +1
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Calibre 9.1.0 and earlier contains a path traversal vulnerability in EPUB conversion that allows malicious EPUB files to corrupt or modify arbitrary files writable by the Calibre process. The vulnerability exploits improper handling of CipherReference URIs in encryption metadata, enabling attackers to write outside the intended extraction directory. Public exploit code exists for this high-severity issue, which is patched in version 9.2.0.

Path Traversal Calibre Red Hat +1
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Remote code execution in Calibre prior to version 9.2.0 through a path traversal flaw in the CHM reader allows local attackers to write arbitrary files with user permissions, enabling payload execution via the Windows Startup folder. Public exploit code exists for this vulnerability. Windows users should upgrade to Calibre 9.2.0 or later to remediate the risk.

Windows RCE Path Traversal +3
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Pydantic AI versions 1.34.0 through 1.50.x contain a path traversal vulnerability in the web UI that allows unauthenticated attackers to inject arbitrary JavaScript by manipulating the CDN version parameter in a malicious URL. When a victim visits the crafted link, attacker-controlled code executes in their browser, enabling theft of chat history and other sensitive client-side data. No patch is currently available.

Python Path Traversal Pydantic Ai
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Arbitrary file deletion in Gogs 0.13.3 and earlier allows authenticated repository contributors to exploit a path traversal flaw in the wiki page update function, enabling deletion of arbitrary files on the affected server. An attacker with wiki write access can manipulate the old_title parameter to traverse the filesystem and remove critical files. No patch is currently available for this high-severity vulnerability (CVSS 8.1).

Path Traversal Gogs Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Gogs versions 0.13.3 and earlier are vulnerable to arbitrary file read and write operations through path traversal in the Git hook editing functionality, affecting self-hosted installations. An authenticated attacker with high privileges can exploit this vulnerability to access or modify files outside the intended directory. Public exploit code exists for this vulnerability, and no patch is currently available.

Path Traversal Gogs Suse
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

WP Duplicate WordPress plugin has a missing authorization vulnerability leading to arbitrary file deletion that can destroy the WordPress installation.

WordPress RCE Authentication Bypass +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Tanium addressed an improper link resolution before file access vulnerability in Enforce. [CVSS 5.0 MEDIUM]

Path Traversal Enforce
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Tanium addressed a documentation issue in Engage. [CVSS 6.6 MEDIUM]

Path Traversal Engage
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. [CVSS 5.0 MEDIUM]

Denial Of Service Path Traversal My Teditor
NVD GitHub VulDB
EPSS 0%
Monitor

Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, thet is, 'http://<host>/..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'.

Path Traversal Information Disclosure
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Arbitrary file read in ShortPixel Image Optimizer plugin for WordPress through path traversal in the loadLogFile AJAX action allows authenticated users with Editor-level privileges or higher to access sensitive server files including database credentials. The vulnerability exists in versions up to 6.4.2 due to insufficient path validation on the loadFile parameter, and no patch is currently available.

WordPress Path Traversal
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. [CVSS 3.8 LOW]

Path Traversal Go
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Navigatum contains a vulnerability that allows attackers to overwrite files in directories writable by the application user (e (CVSS 7.5).

Path Traversal Navigatum
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

OpenClaw versions prior to 2026.1.30 suffer from a path traversal vulnerability in the isValidMedia() function that permits authenticated agents to read arbitrary files on the system by crafting malicious MEDIA output directives. An attacker with agent access can leverage this flaw to exfiltrate sensitive data accessible to the application process. Public exploit code exists for this vulnerability, and no patch is currently available.

Path Traversal AI / ML Openclaw
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Path traversal in Alist prior to version 3.57.0 allows authenticated users to manipulate filename parameters and bypass directory restrictions within the same storage mount. Attackers can exploit this vulnerability to perform unauthorized file operations including deletion, movement, and copying across user boundaries. Public exploit code exists for this vulnerability.

Path Traversal Alist Suse
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Melange versions 0.14.0 through 0.40.2 allow local attackers with configuration file control to read arbitrary files from the host system through path traversal in license file path validation, potentially exfiltrating sensitive data embedded in generated SBOMs. This vulnerability affects build pipeline scenarios where configuration is user-controlled, such as pull request-driven CI or build-as-a-service environments. A patch is available in version 0.40.3.

Golang Path Traversal Melange +1
NVD GitHub
EPSS 0% CVSS 8.4
HIGH POC PATCH This Week

Compressing library versions 1.10.3 and prior, and 2.0.0 fail to validate symbolic link targets during TAR archive extraction, allowing attackers to write files to arbitrary locations on the filesystem. Public exploit code exists for this vulnerability, which could enable overwriting critical system files or establishing persistence. Patched versions 1.10.4 and 2.0.1 are available.

Path Traversal Compressing
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Melange versions 0.11.3 through 0.40.2 suffer from a path traversal vulnerability in the retrieveWorkspace function that fails to validate tar entry paths, allowing an attacker with control over a QEMU guest VM's tar stream to write arbitrary files outside the intended workspace directory on the host system. An attacker exploiting this vulnerability could achieve arbitrary file write capabilities on the host machine, potentially leading to system compromise. A patch is available in version 0.40.3 and later.

Path Traversal Melange Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Apko versions up to 1.1.1 contains a vulnerability that allows attackers to build and publish OCI container images built from apk packages (CVSS 7.5).

Golang Path Traversal Apko +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The unstructured Python library for document ingestion has a path traversal vulnerability allowing arbitrary file read/write during document processing.

Path Traversal Unstructured
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. [CVSS 4.9 MEDIUM]

WordPress Path Traversal PHP
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Samsung Members versions prior to 15.5.05.4 contain a path traversal vulnerability that enables local attackers to overwrite arbitrary data within the application. This vulnerability requires local access and valid user credentials but does not provide read access to sensitive information. No patch is currently available to address this issue.

Samsung Path Traversal Members
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Android ShortcutService path traversal vulnerability prior to the February 2026 SMR Release 1 enables privileged local attackers to create files with system-level privileges. The vulnerability requires high-level authentication and does not affect confidentiality significantly, but could allow attackers to modify system files or degrade availability. No patch is currently available.

Path Traversal Android
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. [CVSS 5.0 MEDIUM]

Denial Of Service Path Traversal Office Reader
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in Bolo Solo up to version 2.6.4 allows authenticated attackers to manipulate file path arguments in the backup import function, potentially accessing or modifying arbitrary files on the affected system. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. The attack requires valid credentials but can be executed remotely over the network.

Java Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in Bolo Solo's importFromMarkdown function allows authenticated attackers to manipulate file paths and access arbitrary files on affected systems. The vulnerability affects Bolo Solo versions up to 2.6.4 and requires valid credentials but no user interaction to exploit. Public exploit code exists for this vulnerability, and no patch is currently available.

Java Path Traversal
NVD GitHub VulDB
EPSS 5% CVSS 7.5
HIGH POC This Week

School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. [CVSS 7.5 HIGH]

PHP Path Traversal School Erp Pro
NVD Exploit-DB
EPSS 1% CVSS 6.2
MEDIUM POC This Month

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. [CVSS 6.2 MEDIUM]

Path Traversal
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

webERP 4.15.1 has an unauthenticated file access vulnerability allowing remote attackers to download sensitive files including configuration and database credentials.

Path Traversal Information Disclosure Weberp
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. [CVSS 6.5 MEDIUM]

PHP Path Traversal
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Claude Code versions prior to 2.0.74 allow authenticated users to write files outside designated directories by exploiting inadequate Bash command validation in ZSH clobber syntax parsing. An attacker with the ability to inject malicious content into a Claude Code context window on a ZSH-based system can bypass file restrictions and achieve unauthorized file writes without triggering user permission prompts. This vulnerability requires user interaction and ZSH environment configuration, making it suitable for supply chain or prompt injection attacks against Claude Code users.

Path Traversal AI / ML Claude Code
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in Bolo Solo up to version 2.6.4 allows authenticated attackers to manipulate ZIP file extraction operations in the BackupService component, potentially reading or writing arbitrary files on the affected system. Public exploit code is available for this vulnerability, and the vendor has not yet provided a patch despite early notification.

Java Path Traversal
NVD GitHub VulDB
EPSS 0%
Monitor

A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

Path Traversal
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. [CVSS 6.1 MEDIUM]

Path Traversal Q2c Firmware
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 (version equal to or prior to V1.9.12), DM3 (version equal to or prior to V1.9.12), and DM200 (version equal to or prior to V1.2.23) that could be exploited by attackers to leak or tamper with the internal file system. [CVSS 6.1 MEDIUM]

Path Traversal Dm2 Firmware Dm200 Firmware +1
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. [CVSS 6.1 MEDIUM]

Path Traversal Cd3510 Firmware
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents. [CVSS 4.3 MEDIUM]

Path Traversal Zip Rar Extractor Tool
NVD
EPSS 0% CVSS 1.3
LOW Monitor

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php.

PHP Path Traversal
NVD
EPSS 0% CVSS 1.2
LOW Monitor

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php.

PHP Path Traversal
NVD VulDB
EPSS 0% CVSS 0.4
LOW Monitor

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php.

PHP Path Traversal
NVD
EPSS 0% CVSS 1.7
LOW Monitor

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php.

PHP Path Traversal
NVD VulDB
EPSS 0% CVSS 3.1
LOW Monitor

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php.

PHP Path Traversal
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

Signal K Server versions prior to 2.20.3 on Windows contain a path traversal vulnerability in the applicationData API that allows authenticated users to read, write, and list arbitrary files by bypassing directory validation using backslashes. The vulnerability exists because the validateAppId() function only blocks forward slashes, allowing attackers to escape the intended applicationData directory through Windows path semantics. Public exploit code exists for this medium-severity flaw, and a patch is available in version 2.20.3.

Windows Path Traversal Signal K Server
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

OpenList Frontend versions prior to 4.1.10 contain a path traversal vulnerability in file operation handlers that allows authenticated users to bypass directory restrictions and access other users' files on the same storage mount. An attacker can exploit this by injecting ".." sequences into filename parameters to perform unauthorized file operations including deletion, renaming, and copying across user boundaries. Public exploit code exists for this vulnerability, which is resolved in version 4.1.10.

Path Traversal Openlist Suse
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Critical path traversal in Wildfire IM instant messaging server before 1.4.3 allows unauthenticated access to arbitrary files. EPSS 0.25%, patch available.

RCE Path Traversal Im Server
NVD GitHub
EPSS 0% CVSS 7.6
HIGH This Week

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. [CVSS 7.6 HIGH]

IBM Path Traversal Websphere Application Server +1
NVD
EPSS 0%
PATCH Monitor

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.

Path Traversal
NVD GitHub VulDB
EPSS 0%
Monitor

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x.

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Unauthenticated arbitrary file read and delete in SunFounder's Pironman Dashboard (pm_dashboard) 1.3.13 and earlier lets remote attackers abuse a path-traversal flaw in the log-file API to exfiltrate sensitive files and destroy critical system files. The dashboard runs on Raspberry Pi power/cooling hardware, so a successful attack can disclose configuration/secrets and cause data loss or denial of service. Publicly available exploit code exists; no active exploitation is confirmed, and EPSS remains low (0.20%).

Denial Of Service Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. [CVSS 7.5 HIGH]

Linux Windows Path Traversal +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.5
HIGH POC This Week

HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files. [CVSS 7.5 HIGH]

Path Traversal
NVD Exploit-DB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Backstage TechDocs plugin versions prior to 1.13.11 and 1.14.1 contain a path traversal vulnerability that allows authenticated attackers to read arbitrary files from the host filesystem when the local generator is enabled. The vulnerability stems from insufficient symlink validation during the documentation build process, enabling attackers to embed sensitive file contents into generated HTML accessible to documentation viewers. Organizations using `techdocs.generator.runIn: local` with untrusted documentation sources are at risk until patching to the fixed versions.

Node.js Docker Path Traversal +2
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM This Month

HIKSEMI NAS devices improperly validate filenames, allowing attackers with physical access to traverse directory structures and read sensitive system files. This vulnerability affects confidentiality but requires local presence and no authentication, making it a risk primarily in physically accessible environments. No patch is currently available for this issue.

Path Traversal
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Path traversal in Crafty Controller game server management allows authenticated attackers to read/write files outside the intended directory. CVSS 9.9 with scope change.

RCE Path Traversal Crafty Controller
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Remote code execution in Crafty Controller's Backup Configuration feature results from insufficient path traversal validation, enabling authenticated attackers to manipulate files and execute arbitrary code on affected systems. The vulnerability requires valid credentials and specific conditions to exploit but carries high impact due to its ability to compromise system integrity and confidentiality. No patch is currently available.

RCE Path Traversal Crafty Controller
NVD
EPSS 0% CVSS 7.6
HIGH POC This Week

Runtipi versions 4.5.0 through 4.7.1 contain an unauthenticated path traversal vulnerability in the UserConfigController that allows remote attackers to overwrite the docker-compose.yml configuration file through insecure URN parsing. An attacker can inject a malicious stack configuration that executes arbitrary code when the instance restarts, achieving full remote code execution and host compromise. Public exploit code exists and no patch is currently available.

Docker RCE Path Traversal +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. [CVSS 5.5 MEDIUM]

Path Traversal Malcontent Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Authenticated users in Umbraco Forms versions 16 and 17 can exploit a path traversal vulnerability to read arbitrary files on Mac and Linux systems running the CMS. An attacker with backoffice access can enumerate and access sensitive files through the export endpoint by manipulating the fileName parameter. No patch is currently available, though the vulnerability is mitigated by restricting backoffice access and blocking path traversal sequences at the WAF level.

Linux Path Traversal Umbraco Forms
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files. [CVSS 4.6 MEDIUM]

Path Traversal Vx800v Firmware
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk. [CVSS 6.3 MEDIUM]

Path Traversal Vx800v Firmware
NVD
EPSS 0% CVSS 7.1
HIGH POC This Week

Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. [CVSS 7.5 HIGH]

Path Traversal
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Open Security Issue Management (OSIM) prior to v2025.9.0 contains a path traversal vulnerability in its nginx configuration that improperly concatenates URI and query string parameters, allowing unauthenticated remote attackers to access unauthorized files and directories. The vulnerability affects both OSIM and Nginx deployments using vulnerable configurations, enabling information disclosure through crafted query parameters. A patch is available for affected versions.

Nginx Path Traversal Open Security Issue Management
NVD GitHub
Prev Page 18 of 86 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy