Skip to main content

Path Traversal

7729 CVEs technique

Monthly

CVE-2026-1588 LOW POC Monitor

A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. [CVSS 2.7 LOW]

Path Traversal Jsherp
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2026-1549 LOW POC Monitor

jshERP versions up to 3.6 contain a path traversal vulnerability in the PluginController's file upload functionality that allows authenticated attackers to read arbitrary files on the server. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite being notified of the issue.

Path Traversal Jsherp
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-1532 LOW POC Monitor

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. [CVSS 2.4 LOW]

D-Link Path Traversal File Upload
NVD VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-69601 MEDIUM POC This Month

A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. [CVSS 6.5 MEDIUM]

Path Traversal 66biolinks
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2020-36973 MEDIUM POC This Month

PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. [CVSS 6.5 MEDIUM]

PHP RCE Path Traversal
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-24842 npm HIGH POC PATCH This Week

node-tar before version 7.5.7 contains a path traversal vulnerability where inconsistent path resolution between validation and execution logic allows attackers to bypass security checks and create hardlinks to arbitrary files outside the intended extraction directory. Public exploit code exists for this vulnerability, affecting Node.js applications that process untrusted TAR archives. An attacker can craft a malicious TAR file to write to sensitive locations on the system.

Node.js Path Traversal Tar
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-24909 npm MEDIUM PATCH This Month

Path traversal in vlt versions before 1.0.0-rc.10 allows local attackers to write files outside their intended directories during tar archive extraction due to insufficient path sanitization. An attacker with local access could exploit this to overwrite arbitrary files on the system with elevated scope impact. No patch is currently available for this vulnerability.

Path Traversal
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-24741 HIGH POC PATCH This Week

Arbitrary file deletion in ConvertX prior to version 0.17.0 allows authenticated attackers to remove files outside the intended upload directory by exploiting insufficient path validation in the POST /delete endpoint. The vulnerability enables attackers to supply path traversal sequences that bypass directory restrictions, with impact limited only by server process permissions. Public exploit code exists for this HIGH severity flaw, though a patch is available in version 0.17.0.

Path Traversal Convertx
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-23593 HIGH This Week

web-based management interface of HPE Aruba Networking Fabric Composer is affected by path traversal (CVSS 7.5).

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2020-36939 HIGH POC This Week

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. [CVSS 7.5 HIGH]

Apache Path Traversal
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2026-24801 Monitor

Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules). This vulnerability is associated with program files ecc_dsa.C.

Path Traversal
NVD GitHub
EPSS
0.0%
CVE-2026-24486 PyPI HIGH POC PATCH This Week

Arbitrary file write in python-multipart prior to 0.0.22 lets remote attackers place uploaded files outside the intended upload directory by supplying a filename that begins with an absolute path (e.g. '/etc/...'). The flaw only manifests in deployments that enable the non-default options UPLOAD_DIR plus UPLOAD_KEEP_FILENAME=True, where os.path.join silently discards the configured directory. Publicly available exploit code exists (Exploit-DB 52543, GHSA-wp53-j4wj-2cfg), though EPSS is very low (0.03%, 7th percentile) and it is not in CISA KEV.

Python Path Traversal Python Multipart
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24479 CRITICAL POC PATCH Act Now

HUSTOJ online judge has a path traversal vulnerability enabling arbitrary file access on the competition server.

Linux PHP MySQL RCE Path Traversal +1
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-24478 HIGH POC This Week

AnythingLLM versions prior to 1.10.0 contain a path traversal vulnerability in the DrupalWiki integration that allows malicious administrators or attackers with admin privileges to write arbitrary files to the server, potentially achieving remote code execution through configuration file overwriting or malicious script injection. Public exploit code exists for this vulnerability, and no patch is currently available for affected deployments. The attack requires high-level privileges but carries critical risk due to the ability to completely compromise server integrity.

Drupal RCE Path Traversal AI / ML Anythingllm
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2026-24123 PyPI HIGH PATCH This Week

BentoML versions prior to 1.4.34 allow path traversal attacks through improperly validated file path fields in bentofile.yaml configurations, enabling attackers to embed arbitrary files from the victim's system into bento archives during the build process. This vulnerability can be exploited to exfiltrate sensitive data such as credentials, SSH keys, and environment variables into supply chain artifacts that may be pushed to registries or deployed in production environments. A patch is available in version 1.4.34.

Python Docker Path Traversal AI / ML Bentoml
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-23890 npm MEDIUM POC PATCH This Month

Pnpm versions up to 10.28.1 contains a vulnerability that allows attackers to overwriting config files, scripts, or other sensitive files (CVSS 6.5).

Node.js Path Traversal Pnpm Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23889 npm MEDIUM POC PATCH This Month

Path traversal in pnpm's tarball extraction on Windows allows attackers to write files outside the intended package directory by exploiting incomplete path normalization that fails to block backslash-based traversal sequences. Public exploit code exists for this vulnerability, which affects Windows developers and CI/CD pipelines (GitHub Actions, Azure DevOps) and could result in overwriting sensitive configuration files like .npmrc or build configurations. A patch is available in pnpm version 10.28.1 and later.

Windows Node.js Azure Github Path Traversal +2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23888 npm MEDIUM POC PATCH This Month

Path traversal in pnpm's binary fetcher (versions prior to 10.28.1) allows attackers to write files outside the intended extraction directory through malicious ZIP entries or crafted prefix values, potentially overwriting critical configuration files and scripts on affected systems. All pnpm users installing packages with binary assets are vulnerable, particularly those in CI/CD pipelines or with custom Node.js binary configurations. Public exploit code exists for this medium-severity vulnerability.

Node.js Path Traversal Pnpm Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59099 Monitor

The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication.

SQLi Denial Of Service Path Traversal
NVD
EPSS
0.2%
CVE-2026-24469 HIGH This Week

C++ HTTP Server versions 1.0 and below suffer from a path traversal vulnerability in the RequestHandler::handleRequest method that permits unauthenticated remote attackers to read arbitrary files from the server filesystem through malicious HTTP GET requests containing directory traversal sequences. The vulnerability stems from insufficient input validation on the URL path, which is directly concatenated to the base directory without sanitization. No patch is currently available.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47903 HIGH POC This Week

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. [CVSS 8.8 HIGH]

RCE Path Traversal Command Injection
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-11002 HIGH PATCH This Week

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. [CVSS 7.8 HIGH]

RCE Path Traversal 7 Zip Suse
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-20613 HIGH POC This Week

Path traversal in the ArchiveReader.extractContents() function used by container image load operations allows local attackers to write arbitrary files to any user-writable location on the system by crafting malicious archives with relative pathnames. Public exploit code exists for this vulnerability, and affected users cannot currently patch as fixes are only available in container 0.8.0 and containerization 0.21.0. The vulnerability requires local access and user interaction but carries high severity due to potential for file overwrite and system compromise.

Path Traversal Containerization Container
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21227 HIGH PATCH This Week

Privilege escalation in Azure Logic Apps results from improper path validation, enabling remote attackers to gain elevated access without authentication or user interaction. Organizations using Azure Logic Apps are at risk of unauthorized privilege elevation through network-based attacks, with no available patch currently provided.

Azure Path Traversal Azure Logic Apps
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-23954 Go HIGH POC PATCH This Week

Incus is a system container and virtual machine manager. [CVSS 8.7 HIGH]

Path Traversal Incus Suse
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-69097 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9.5.4. [CVSS 8.1 HIGH]

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-69055 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder allows Path Traversal.This issue affects BM Content Builder: from n/a before 3.16.3.3. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-68912 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1. [CVSS 8.6 HIGH]

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-68907 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal.This issue affects Hostme v2: from n/a through <= 7.0. [CVSS 7.5 HIGH]

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-68902 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0. [CVSS 7.3 HIGH]

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68901 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0. [CVSS 8.6 HIGH]

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-67963 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ovatheme Movie Booking movie-booking allows Path Traversal.This issue affects Movie Booking: from n/a through <= 1.1.5. [CVSS 8.6 HIGH]

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2023-7335 HIGH POC This Week

Arbitrary file read in EduSoho versions prior to 22.4.7 lets a remote, unauthenticated attacker retrieve any file on the server through the classroom-course-statistics export feature. By injecting path-traversal sequences into the fileNames[] parameter, an attacker can pull sensitive files such as config/parameters.yml, exposing database credentials and application secrets. Publicly available exploit code exists, and the Shadowserver Foundation reported observing exploitation evidence on 2026-01-19, though the flaw is not listed as CISA KEV in the provided data; EPSS remains low at 0.13%.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-69820 LIB MEDIUM POC PATCH This Month

Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function. [CVSS 6.0 MEDIUM]

Path Traversal Beta9 Suse
NVD GitHub
CVSS 3.1
6.0
EPSS
0.2%
CVE-2025-69612 MEDIUM POC This Month

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. [CVSS 6.5 MEDIUM]

Path Traversal Tms Management Console
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-67684 HIGH This Week

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. [CVSS 7.2 HIGH]

PHP RCE LFI Path Traversal Quick.Cart
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2026-1330 HIGH This Week

MeetingHub Paperless Meetings contains an arbitrary file read vulnerability that enables unauthenticated remote attackers to download sensitive system files through path traversal exploitation. The vulnerability affects all installations without authentication requirements, allowing attackers to access confidential data with high confidentiality impact. No patch is currently available for this issue.

Path Traversal Meetinghub Paperless Meetings
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24049 PyPI MEDIUM POC PATCH This Month

Malicious wheel files can modify file permissions on critical system files during extraction in Python wheel versions 0.40.0-0.46.1, enabling attackers to alter SSH keys, configuration files, or executable scripts. This path traversal and permission manipulation flaw affects systems unpacking untrusted wheels and can lead to privilege escalation or arbitrary code execution. Public exploit code exists for this vulnerability, though a patch is available in version 0.46.2.

Python Privilege Escalation Wheel RCE Path Traversal
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24047 npm MEDIUM PATCH This Month

The resolveSafeChildPath function in Backstage's backend-plugin-api prior to version 0.1.17 improperly validates symlink chains and dangling symlinks, allowing authenticated attackers to bypass path traversal protections used by Scaffolder actions and other backend components. An attacker with low privileges could exploit this to access files outside the intended directory boundaries by chaining intermediate symlinks or creating symlinks pointing to non-existent paths that are later materialized during file operations. This affects Backstage installations relying on the vulnerable path validation function for security isolation.

Path Traversal Red Hat
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-24046 npm HIGH PATCH This Week

Backstage Scaffolder actions and archive extraction utilities are vulnerable to symlink-based path traversal attacks, allowing authenticated users with template creation privileges to read sensitive files, delete arbitrary files outside the workspace, or write malicious files via crafted symlinks in tar/zip archives. This affects deployments where users can create or execute Scaffolder templates, with no patch currently available for versions prior to @backstage/backend-defaults 0.12.2.

Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2021-47850 HIGH POC This Week

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. [CVSS 7.5 HIGH]

Path Traversal Mini Mouse
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-47849 MEDIUM POC This Month

Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests. [CVSS 6.2 MEDIUM]

Path Traversal Mini Mouse
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.2%
CVE-2021-47746 HIGH POC This Week

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. [CVSS 7.5 HIGH]

Path Traversal
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-23949 PyPI HIGH POC PATCH This Week

Jaraco.context versions 5.2.0 through 6.0.x contain a path traversal vulnerability in the tarball() function that allows attackers to extract files outside the intended directory when processing malicious tar archives, with public exploit code available. The vulnerability exploits insufficient path validation that fails to properly filter directory traversal sequences like `../`, potentially enabling unauthorized file extraction and nested tarball attacks. This affects all users processing untrusted tar archives with the vulnerable versions.

Path Traversal Jaraco.Context Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-22218 PyPI HIGH POC PATCH This Week

Arbitrary file read in Chainlit versions prior to 2.9.4 lets an authenticated user disclose any file readable by the Chainlit service process by abusing the /project/element update flow with a user-controlled path. The server copies the referenced file into the attacker's session and returns a chainlitKey usable at /project/file/<chainlitKey> to exfiltrate contents. Publicly available exploit code exists (documented as part of the 'ChainLeak' research by Zafran), though EPSS is very low (0.03%) and it is not on CISA KEV.

Path Traversal Chainlit
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-23877 PyPI MEDIUM PATCH This Month

Swing Music is a self-hosted music player for local audio files. versions up to 2.1.4 contains a security vulnerability.

Path Traversal Swing Music
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2026-23850 Go HIGH POC PATCH This Week

Remote attackers can read arbitrary files from SiYuan servers (versions prior to 3.5.4) by exploiting server-side HTML rendering in the markdown feature. The path traversal vulnerability (CWE-22) requires no authentication and has low attack complexity, making it trivially exploitable. A public exploit exists and EPSS scoring indicates 9% exploitation probability (25th percentile), suggesting limited but active reconnaissance. Vendor patch available in version 3.5.4.

Path Traversal Siyuan
NVD GitHub
CVSS 4.0
7.8
EPSS
0.1%
CVE-2026-23644 Go HIGH POC PATCH This Week

Path traversal in esm.sh CDN prior to version 0.0.0-20260116051925-c62ab83c589e allows unauthenticated remote attackers to write arbitrary files to the server through malicious tar archives, bypassing incomplete path sanitization. Public exploit code exists for this vulnerability. The issue stems from improper validation of absolute paths in tar file entries, enabling potential code execution or service disruption on affected systems.

Golang Github Path Traversal Esm.Sh Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-1111 LOW POC Monitor

Path traversal in Sanluan PublicCMS up to version 5.202506.d allows remote attackers with high privileges to manipulate the path parameter in the Task Template Management handler, enabling unauthorized file access or manipulation. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2026-23745 npm HIGH POC PATCH This Week

Arbitrary file overwrite and symlink poisoning in the node-tar library (versions <= 7.5.2) lets a malicious tar archive escape its intended extraction root, even with the default-secure preservePaths=false setting. The flaw stems from missing sanitization of the linkpath on hardlink and symbolic-link entries, so absolute symlink targets and hardlinks can redirect writes outside the extraction directory when a victim application unpacks attacker-supplied archives. Publicly available exploit code exists via the GitHub Security Advisory (GHSA-8qq5-rm4j-mr97), though EPSS exploitation probability is very low (0.01%) and it is not listed in CISA KEV; the issue is fixed in 7.5.3.

Node.js Tar Path Traversal
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-23535 PyPI HIGH PATCH This Week

The wlc Weblate command-line client prior to version 1.17.2 is vulnerable to arbitrary file write attacks through path traversal when downloading multi-translations from a malicious or compromised server. An authenticated attacker can exploit this vulnerability by crafting a specially designed server response to write files to arbitrary locations on the victim's system, potentially compromising system integrity. This vulnerability affects wlc versions before 1.17.2 and is fixed in the patched version.

Path Traversal Wlc
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-68921 HIGH This Week

SteelSeries Nahimic 3 1.10.7 allows Directory traversal. [CVSS 7.8 HIGH]

Path Traversal Nahimic
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-22876 MEDIUM This Month

TOA Corporation TRIFORA 3 series network cameras contain a path traversal vulnerability that allows authenticated users with monitoring privileges or higher to read arbitrary files from the device. An attacker with valid credentials can exploit this flaw to access sensitive information stored on the affected cameras. No patch is currently available for this vulnerability.

Path Traversal
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2026-1022 HIGH This Week

Gotac's Statistics Database System is vulnerable to unauthenticated path traversal attacks that enable remote attackers to read arbitrary files from affected systems without authentication. The vulnerability affects industrial and statistics database deployments, allowing an attacker to download sensitive system files and potentially obtain confidential data. No patch is currently available for this high-severity vulnerability.

Industrial Path Traversal Statistics Database System
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-1020 MEDIUM This Month

Gotac's Police Statistics Database System contains a path traversal vulnerability that enables unauthenticated remote attackers to enumerate system directories and access sensitive files. The flaw affects industrial and law enforcement deployments with network accessibility, potentially exposing confidential database contents and system architecture details. No patch is currently available for this medium-severity vulnerability.

Industrial Path Traversal Police Statistics Database System
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1018 HIGH This Week

Gotac's Police Statistics Database System is vulnerable to unauthenticated arbitrary file read attacks via absolute path traversal, enabling remote attackers to download sensitive system files without authentication. The vulnerability carries high severity (CVSS 7.5) with broad network accessibility and no user interaction required. No patch is currently available, leaving affected deployments at risk until remediation is released.

Industrial Path Traversal Police Statistics Database System
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2021-47795 MEDIUM POC This Month

GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. [CVSS 6.2 MEDIUM]

RCE XSS LFI Path Traversal
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-22249 HIGH POC PATCH This Week

Docmost versions 0.21.0 through 0.23.x contain a path traversal vulnerability in the zip import feature that allows authenticated attackers to write arbitrary files to the system due to insufficient filename validation. Public exploit code exists for this vulnerability, which could enable attackers to overwrite critical application files or achieve code execution. The vulnerability is patched in version 0.24.0 and affects all installations using the vulnerable import functionality.

Path Traversal Docmost
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-66292 Go HIGH POC PATCH This Week

DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. [CVSS 8.1 HIGH]

Golang Path Traversal Dpanel Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-67076 HIGH This Week

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read. [CVSS 7.5 HIGH]

Path Traversal Agora Project
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2021-47755 HIGH POC This Week

Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. [CVSS 7.5 HIGH]

Path Traversal Oliver V5 Library
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-67083 MEDIUM POC This Month

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration. [CVSS 5.3 MEDIUM]

Path Traversal Invoiceplane
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-13154 MEDIUM This Month

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges. [CVSS 5.5 MEDIUM]

Path Traversal
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-15486 MEDIUM This Month

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. [CVSS 4.4 MEDIUM]

WordPress XSS Path Traversal PHP
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-15020 MEDIUM This Month

Gotham Block Extra Light (WordPress plugin) versions up to 1.5.0 is affected by path traversal (CVSS 6.5).

WordPress Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-14301 CRITICAL Act Now

Integration Opvius AI for WooCommerce (through 1.3.0) has unauthenticated path traversal allowing arbitrary file download and deletion. No authentication, no nonce verification, no path validation.

WordPress PHP Path Traversal
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2022-50939 HIGH POC This Week

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. [CVSS 7.2 HIGH]

PHP Path Traversal E107
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-50932 HIGH POC This Week

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. [CVSS 7.5 HIGH]

Path Traversal Command Center Rx
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-50890 HIGH POC This Week

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. [CVSS 7.5 HIGH]

Path Traversal Owlfiles
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-47751 HIGH POC This Week

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. [CVSS 7.5 HIGH]

PHP Path Traversal Rich Text Editor
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-47749 MEDIUM POC This Month

YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. [CVSS 5.5 MEDIUM]

PHP LFI Path Traversal Youphptube
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-22871 PyPI CRITICAL PATCH Act Now

GuardDog security scanner before 2.7.1 has a path traversal in safe_extract() that allows malicious PyPI packages to write files outside the extraction directory. Ironic vulnerability in a tool designed to detect malicious packages. Patch available.

RCE Path Traversal AI / ML Guarddog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-37177 MEDIUM This Month

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 6.5 MEDIUM]

Path Traversal Information Disclosure Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-37168 HIGH This Week

Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. [CVSS 8.2 HIGH]

Path Traversal Information Disclosure Arubaos
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-20834 MEDIUM PATCH This Month

Windows Shell path traversal vulnerability affecting Windows 10 21H2, Windows Server 2016, 2019, and 2022 allows an attacker with physical access to spoof system resources without requiring user interaction. The vulnerability has no patch available and poses a confidentiality risk through unauthorized information disclosure.

Windows Path Traversal Windows Server 2016 Windows 10 21h2 Windows Server 2022 23h2 +12
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-58693 MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests. [CVSS 6.5 MEDIUM]

Fortinet Path Traversal Fortivoice
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-25652 HIGH POC This Week

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. [CVSS 7.5 HIGH]

Path Traversal Archibus
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2026-0408 HIGH PATCH This Week

NETGEAR WiFi extenders (Ex5000, Ex6110, Ex2800, Ex3110) with improper path traversal validation allow authenticated LAN users to access the webproc configuration file and extract stored router credentials. An attacker with local network access can leverage this to obtain administrative credentials for further network compromise. A patch is available.

Netgear Path Traversal Ex5000 Firmware Ex6110 Firmware Ex2800 Firmware +1
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-9435 MEDIUM PATCH This Month

Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module [CVSS 5.5 MEDIUM]

Path Traversal Manageengine Admanager Plus
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22786 Go HIGH POC PATCH This Week

Gin-vue-admin versions 2.8.7 and earlier contain a path traversal vulnerability in the breakpoint resume upload API that allows authenticated attackers to write arbitrary files to any directory on the system. Public exploit code exists for this vulnerability, which affects administrators and users with file upload privileges. An attacker can bypass directory restrictions by injecting traversal sequences (../) into the fileName parameter to escape the intended fileDir location.

Golang Path Traversal Gin Vue Admin Suse
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-68472 PyPI HIGH POC PATCH GHSA This Week

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. [CVSS 8.1 HIGH]

Path Traversal AI / ML Mindsdb
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-66689 MEDIUM POC This Month

A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. [CVSS 6.5 MEDIUM]

Path Traversal Pal Mcp Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69267 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier. [CVSS 6.5 MEDIUM]

Broadcom Linux Windows Path Traversal Dx Netops Spectrum
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-22685 HIGH PATCH This Week

DevToys versions 2.0.0.0 through 2.0.8.x are vulnerable to path traversal attacks during extension package installation, allowing attackers to write files outside the intended directory by crafting malicious NUPKG archives with directory traversal sequences. An attacker can exploit this to overwrite arbitrary files with DevToys process privileges, potentially enabling code execution or system compromise on affected systems. The vulnerability is patched in version 2.0.9.0.

Path Traversal Devtoys
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-61686 npm CRITICAL PATCH Act Now

React Router (@react-router/node 7.0.0-7.9.3) has a path traversal in file-based session storage when using unsigned cookies. Attackers can manipulate session file paths to read or write arbitrary files on the server.

Path Traversal React Router Node Remix Run Deno Remix Run Node
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-66744 HIGH POC This Week

In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system [CVSS 7.5 HIGH]

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
6.6%
CVE-2025-66051 MEDIUM This Month

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. [CVSS 6.5 MEDIUM]

Path Traversal Ip7137 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69194 HIGH PATCH This Week

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. [CVSS 8.8 HIGH]

Path Traversal Wget2 Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-67914 HIGH This Week

Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal.This issue affects VidMov: from n/a through <= 2.3.8. [CVSS 7.5 HIGH]

Path Traversal
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2019-25295 MEDIUM This Month

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site. [CVSS 6.5 MEDIUM]

WordPress Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.5%
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. [CVSS 2.7 LOW]

Path Traversal Jsherp
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

jshERP versions up to 3.6 contain a path traversal vulnerability in the PluginController's file upload functionality that allows authenticated attackers to read arbitrary files on the server. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite being notified of the issue.

Path Traversal Jsherp
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. [CVSS 2.4 LOW]

D-Link Path Traversal File Upload
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. [CVSS 6.5 MEDIUM]

Path Traversal 66biolinks
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. [CVSS 6.5 MEDIUM]

PHP RCE Path Traversal
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

node-tar before version 7.5.7 contains a path traversal vulnerability where inconsistent path resolution between validation and execution logic allows attackers to bypass security checks and create hardlinks to arbitrary files outside the intended extraction directory. Public exploit code exists for this vulnerability, affecting Node.js applications that process untrusted TAR archives. An attacker can craft a malicious TAR file to write to sensitive locations on the system.

Node.js Path Traversal Tar
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Path traversal in vlt versions before 1.0.0-rc.10 allows local attackers to write files outside their intended directories during tar archive extraction due to insufficient path sanitization. An attacker with local access could exploit this to overwrite arbitrary files on the system with elevated scope impact. No patch is currently available for this vulnerability.

Path Traversal
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Arbitrary file deletion in ConvertX prior to version 0.17.0 allows authenticated attackers to remove files outside the intended upload directory by exploiting insufficient path validation in the POST /delete endpoint. The vulnerability enables attackers to supply path traversal sequences that bypass directory restrictions, with impact limited only by server process permissions. Public exploit code exists for this HIGH severity flaw, though a patch is available in version 0.17.0.

Path Traversal Convertx
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

web-based management interface of HPE Aruba Networking Fabric Composer is affected by path traversal (CVSS 7.5).

Path Traversal
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. [CVSS 7.5 HIGH]

Apache Path Traversal
NVD GitHub Exploit-DB
EPSS 0%
Monitor

Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules). This vulnerability is associated with program files ecc_dsa.C.

Path Traversal
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Arbitrary file write in python-multipart prior to 0.0.22 lets remote attackers place uploaded files outside the intended upload directory by supplying a filename that begins with an absolute path (e.g. '/etc/...'). The flaw only manifests in deployments that enable the non-default options UPLOAD_DIR plus UPLOAD_KEEP_FILENAME=True, where os.path.join silently discards the configured directory. Publicly available exploit code exists (Exploit-DB 52543, GHSA-wp53-j4wj-2cfg), though EPSS is very low (0.03%, 7th percentile) and it is not in CISA KEV.

Python Path Traversal Python Multipart
NVD GitHub Exploit-DB VulDB
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

HUSTOJ online judge has a path traversal vulnerability enabling arbitrary file access on the competition server.

Linux PHP MySQL +3
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

AnythingLLM versions prior to 1.10.0 contain a path traversal vulnerability in the DrupalWiki integration that allows malicious administrators or attackers with admin privileges to write arbitrary files to the server, potentially achieving remote code execution through configuration file overwriting or malicious script injection. Public exploit code exists for this vulnerability, and no patch is currently available for affected deployments. The attack requires high-level privileges but carries critical risk due to the ability to completely compromise server integrity.

Drupal RCE Path Traversal +2
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

BentoML versions prior to 1.4.34 allow path traversal attacks through improperly validated file path fields in bentofile.yaml configurations, enabling attackers to embed arbitrary files from the victim's system into bento archives during the build process. This vulnerability can be exploited to exfiltrate sensitive data such as credentials, SSH keys, and environment variables into supply chain artifacts that may be pushed to registries or deployed in production environments. A patch is available in version 1.4.34.

Python Docker Path Traversal +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Pnpm versions up to 10.28.1 contains a vulnerability that allows attackers to overwriting config files, scripts, or other sensitive files (CVSS 6.5).

Node.js Path Traversal Pnpm +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Path traversal in pnpm's tarball extraction on Windows allows attackers to write files outside the intended package directory by exploiting incomplete path normalization that fails to block backslash-based traversal sequences. Public exploit code exists for this vulnerability, which affects Windows developers and CI/CD pipelines (GitHub Actions, Azure DevOps) and could result in overwriting sensitive configuration files like .npmrc or build configurations. A patch is available in pnpm version 10.28.1 and later.

Windows Node.js Azure +4
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Path traversal in pnpm's binary fetcher (versions prior to 10.28.1) allows attackers to write files outside the intended extraction directory through malicious ZIP entries or crafted prefix values, potentially overwriting critical configuration files and scripts on affected systems. All pnpm users installing packages with binary assets are vulnerable, particularly those in CI/CD pipelines or with custom Node.js binary configurations. Public exploit code exists for this medium-severity vulnerability.

Node.js Path Traversal Pnpm +2
NVD GitHub
EPSS 0%
Monitor

The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication.

SQLi Denial Of Service Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

C++ HTTP Server versions 1.0 and below suffer from a path traversal vulnerability in the RequestHandler::handleRequest method that permits unauthenticated remote attackers to read arbitrary files from the server filesystem through malicious HTTP GET requests containing directory traversal sequences. The vulnerability stems from insufficient input validation on the URL path, which is directly concatenated to the base directory without sanitization. No patch is currently available.

Path Traversal
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. [CVSS 8.8 HIGH]

RCE Path Traversal Command Injection
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. [CVSS 7.8 HIGH]

RCE Path Traversal 7 Zip +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Path traversal in the ArchiveReader.extractContents() function used by container image load operations allows local attackers to write arbitrary files to any user-writable location on the system by crafting malicious archives with relative pathnames. Public exploit code exists for this vulnerability, and affected users cannot currently patch as fixes are only available in container 0.8.0 and containerization 0.21.0. The vulnerability requires local access and user interaction but carries high severity due to potential for file overwrite and system compromise.

Path Traversal Containerization Container
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Privilege escalation in Azure Logic Apps results from improper path validation, enabling remote attackers to gain elevated access without authentication or user interaction. Organizations using Azure Logic Apps are at risk of unauthorized privilege elevation through network-based attacks, with no available patch currently provided.

Azure Path Traversal Azure Logic Apps
NVD
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Incus is a system container and virtual machine manager. [CVSS 8.7 HIGH]

Path Traversal Incus Suse
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9.5.4. [CVSS 8.1 HIGH]

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder allows Path Traversal.This issue affects BM Content Builder: from n/a before 3.16.3.3. [CVSS 6.5 MEDIUM]

Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1. [CVSS 8.6 HIGH]

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal.This issue affects Hostme v2: from n/a through <= 7.0. [CVSS 7.5 HIGH]

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0. [CVSS 7.3 HIGH]

Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0. [CVSS 8.6 HIGH]

Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ovatheme Movie Booking movie-booking allows Path Traversal.This issue affects Movie Booking: from n/a through <= 1.1.5. [CVSS 8.6 HIGH]

Path Traversal
NVD
EPSS 0% CVSS 8.7
HIGH POC This Week

Arbitrary file read in EduSoho versions prior to 22.4.7 lets a remote, unauthenticated attacker retrieve any file on the server through the classroom-course-statistics export feature. By injecting path-traversal sequences into the fileNames[] parameter, an attacker can pull sensitive files such as config/parameters.yml, exposing database credentials and application secrets. Publicly available exploit code exists, and the Shadowserver Foundation reported observing exploitation evidence on 2026-01-19, though the flaw is not listed as CISA KEV in the provided data; EPSS remains low at 0.13%.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM POC PATCH This Month

Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function. [CVSS 6.0 MEDIUM]

Path Traversal Beta9 Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. [CVSS 6.5 MEDIUM]

Path Traversal Tms Management Console
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. [CVSS 7.2 HIGH]

PHP RCE LFI +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

MeetingHub Paperless Meetings contains an arbitrary file read vulnerability that enables unauthenticated remote attackers to download sensitive system files through path traversal exploitation. The vulnerability affects all installations without authentication requirements, allowing attackers to access confidential data with high confidentiality impact. No patch is currently available for this issue.

Path Traversal Meetinghub Paperless Meetings
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Malicious wheel files can modify file permissions on critical system files during extraction in Python wheel versions 0.40.0-0.46.1, enabling attackers to alter SSH keys, configuration files, or executable scripts. This path traversal and permission manipulation flaw affects systems unpacking untrusted wheels and can lead to privilege escalation or arbitrary code execution. Public exploit code exists for this vulnerability, though a patch is available in version 0.46.2.

Python Privilege Escalation Wheel +2
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

The resolveSafeChildPath function in Backstage's backend-plugin-api prior to version 0.1.17 improperly validates symlink chains and dangling symlinks, allowing authenticated attackers to bypass path traversal protections used by Scaffolder actions and other backend components. An attacker with low privileges could exploit this to access files outside the intended directory boundaries by chaining intermediate symlinks or creating symlinks pointing to non-existent paths that are later materialized during file operations. This affects Backstage installations relying on the vulnerable path validation function for security isolation.

Path Traversal Red Hat
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Backstage Scaffolder actions and archive extraction utilities are vulnerable to symlink-based path traversal attacks, allowing authenticated users with template creation privileges to read sensitive files, delete arbitrary files outside the workspace, or write malicious files via crafted symlinks in tar/zip archives. This affects deployments where users can create or execute Scaffolder templates, with no patch currently available for versions prior to @backstage/backend-defaults 0.12.2.

Path Traversal
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. [CVSS 7.5 HIGH]

Path Traversal Mini Mouse
NVD Exploit-DB
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests. [CVSS 6.2 MEDIUM]

Path Traversal Mini Mouse
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH POC This Week

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. [CVSS 7.5 HIGH]

Path Traversal
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Jaraco.context versions 5.2.0 through 6.0.x contain a path traversal vulnerability in the tarball() function that allows attackers to extract files outside the intended directory when processing malicious tar archives, with public exploit code available. The vulnerability exploits insufficient path validation that fails to properly filter directory traversal sequences like `../`, potentially enabling unauthorized file extraction and nested tarball attacks. This affects all users processing untrusted tar archives with the vulnerable versions.

Path Traversal Jaraco.Context Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Arbitrary file read in Chainlit versions prior to 2.9.4 lets an authenticated user disclose any file readable by the Chainlit service process by abusing the /project/element update flow with a user-controlled path. The server copies the referenced file into the attacker's session and returns a chainlitKey usable at /project/file/<chainlitKey> to exfiltrate contents. Publicly available exploit code exists (documented as part of the 'ChainLeak' research by Zafran), though EPSS is very low (0.03%) and it is not on CISA KEV.

Path Traversal Chainlit
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Swing Music is a self-hosted music player for local audio files. versions up to 2.1.4 contains a security vulnerability.

Path Traversal Swing Music
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Remote attackers can read arbitrary files from SiYuan servers (versions prior to 3.5.4) by exploiting server-side HTML rendering in the markdown feature. The path traversal vulnerability (CWE-22) requires no authentication and has low attack complexity, making it trivially exploitable. A public exploit exists and EPSS scoring indicates 9% exploitation probability (25th percentile), suggesting limited but active reconnaissance. Vendor patch available in version 3.5.4.

Path Traversal Siyuan
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Path traversal in esm.sh CDN prior to version 0.0.0-20260116051925-c62ab83c589e allows unauthenticated remote attackers to write arbitrary files to the server through malicious tar archives, bypassing incomplete path sanitization. Public exploit code exists for this vulnerability. The issue stems from improper validation of absolute paths in tar file entries, enabling potential code execution or service disruption on affected systems.

Golang Github Path Traversal +2
NVD GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

Path traversal in Sanluan PublicCMS up to version 5.202506.d allows remote attackers with high privileges to manipulate the path parameter in the Task Template Management handler, enabling unauthorized file access or manipulation. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Java Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Arbitrary file overwrite and symlink poisoning in the node-tar library (versions <= 7.5.2) lets a malicious tar archive escape its intended extraction root, even with the default-secure preservePaths=false setting. The flaw stems from missing sanitization of the linkpath on hardlink and symbolic-link entries, so absolute symlink targets and hardlinks can redirect writes outside the extraction directory when a victim application unpacks attacker-supplied archives. Publicly available exploit code exists via the GitHub Security Advisory (GHSA-8qq5-rm4j-mr97), though EPSS exploitation probability is very low (0.01%) and it is not listed in CISA KEV; the issue is fixed in 7.5.3.

Node.js Tar Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

The wlc Weblate command-line client prior to version 1.17.2 is vulnerable to arbitrary file write attacks through path traversal when downloading multi-translations from a malicious or compromised server. An authenticated attacker can exploit this vulnerability by crafting a specially designed server response to write files to arbitrary locations on the victim's system, potentially compromising system integrity. This vulnerability affects wlc versions before 1.17.2 and is fixed in the patched version.

Path Traversal Wlc
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

SteelSeries Nahimic 3 1.10.7 allows Directory traversal. [CVSS 7.8 HIGH]

Path Traversal Nahimic
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

TOA Corporation TRIFORA 3 series network cameras contain a path traversal vulnerability that allows authenticated users with monitoring privileges or higher to read arbitrary files from the device. An attacker with valid credentials can exploit this flaw to access sensitive information stored on the affected cameras. No patch is currently available for this vulnerability.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Gotac's Statistics Database System is vulnerable to unauthenticated path traversal attacks that enable remote attackers to read arbitrary files from affected systems without authentication. The vulnerability affects industrial and statistics database deployments, allowing an attacker to download sensitive system files and potentially obtain confidential data. No patch is currently available for this high-severity vulnerability.

Industrial Path Traversal Statistics Database System
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Gotac's Police Statistics Database System contains a path traversal vulnerability that enables unauthenticated remote attackers to enumerate system directories and access sensitive files. The flaw affects industrial and law enforcement deployments with network accessibility, potentially exposing confidential database contents and system architecture details. No patch is currently available for this medium-severity vulnerability.

Industrial Path Traversal Police Statistics Database System
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Gotac's Police Statistics Database System is vulnerable to unauthenticated arbitrary file read attacks via absolute path traversal, enabling remote attackers to download sensitive system files without authentication. The vulnerability carries high severity (CVSS 7.5) with broad network accessibility and no user interaction required. No patch is currently available, leaving affected deployments at risk until remediation is released.

Industrial Path Traversal Police Statistics Database System
NVD
EPSS 0% CVSS 6.2
MEDIUM POC This Month

GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. [CVSS 6.2 MEDIUM]

RCE XSS LFI +1
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Docmost versions 0.21.0 through 0.23.x contain a path traversal vulnerability in the zip import feature that allows authenticated attackers to write arbitrary files to the system due to insufficient filename validation. Public exploit code exists for this vulnerability, which could enable attackers to overwrite critical application files or achieve code execution. The vulnerability is patched in version 0.24.0 and affects all installations using the vulnerable import functionality.

Path Traversal Docmost
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. [CVSS 8.1 HIGH]

Golang Path Traversal Dpanel +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read. [CVSS 7.5 HIGH]

Path Traversal Agora Project
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. [CVSS 7.5 HIGH]

Path Traversal Oliver V5 Library
NVD Exploit-DB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration. [CVSS 5.3 MEDIUM]

Path Traversal Invoiceplane
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges. [CVSS 5.5 MEDIUM]

Path Traversal
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. [CVSS 4.4 MEDIUM]

WordPress XSS Path Traversal +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Gotham Block Extra Light (WordPress plugin) versions up to 1.5.0 is affected by path traversal (CVSS 6.5).

WordPress Path Traversal
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Integration Opvius AI for WooCommerce (through 1.3.0) has unauthenticated path traversal allowing arbitrary file download and deletion. No authentication, no nonce verification, no path validation.

WordPress PHP Path Traversal
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. [CVSS 7.2 HIGH]

PHP Path Traversal E107
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH POC This Week

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. [CVSS 7.5 HIGH]

Path Traversal Command Center Rx
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH POC This Week

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. [CVSS 7.5 HIGH]

Path Traversal Owlfiles
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH POC This Week

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. [CVSS 7.5 HIGH]

PHP Path Traversal Rich Text Editor
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. [CVSS 5.5 MEDIUM]

PHP LFI Path Traversal +1
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

GuardDog security scanner before 2.7.1 has a path traversal in safe_extract() that allows malicious PyPI packages to write files outside the extraction directory. Ironic vulnerability in a tool designed to detect malicious packages. Patch available.

RCE Path Traversal AI / ML +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 6.5 MEDIUM]

Path Traversal Information Disclosure Arubaos
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. [CVSS 8.2 HIGH]

Path Traversal Information Disclosure Arubaos
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Windows Shell path traversal vulnerability affecting Windows 10 21H2, Windows Server 2016, 2019, and 2022 allows an attacker with physical access to spoof system resources without requiring user interaction. The vulnerability has no patch available and poses a confidentiality risk through unauthorized information disclosure.

Windows Path Traversal Windows Server 2016 +14
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests. [CVSS 6.5 MEDIUM]

Fortinet Path Traversal Fortivoice
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. [CVSS 7.5 HIGH]

Path Traversal Archibus
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

NETGEAR WiFi extenders (Ex5000, Ex6110, Ex2800, Ex3110) with improper path traversal validation allow authenticated LAN users to access the webproc configuration file and extract stored router credentials. An attacker with local network access can leverage this to obtain administrative credentials for further network compromise. A patch is available.

Netgear Path Traversal Ex5000 Firmware +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module [CVSS 5.5 MEDIUM]

Path Traversal Manageengine Admanager Plus
NVD
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

Gin-vue-admin versions 2.8.7 and earlier contain a path traversal vulnerability in the breakpoint resume upload API that allows authenticated attackers to write arbitrary files to any directory on the system. Public exploit code exists for this vulnerability, which affects administrators and users with file upload privileges. An attacker can bypass directory restrictions by injecting traversal sequences (../) into the fileName parameter to escape the intended fileDir location.

Golang Path Traversal Gin Vue Admin +1
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. [CVSS 8.1 HIGH]

Path Traversal AI / ML Mindsdb
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. [CVSS 6.5 MEDIUM]

Path Traversal Pal Mcp Server
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier. [CVSS 6.5 MEDIUM]

Broadcom Linux Windows +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

DevToys versions 2.0.0.0 through 2.0.8.x are vulnerable to path traversal attacks during extension package installation, allowing attackers to write files outside the intended directory by crafting malicious NUPKG archives with directory traversal sequences. An attacker can exploit this to overwrite arbitrary files with DevToys process privileges, potentially enabling code execution or system compromise on affected systems. The vulnerability is patched in version 2.0.9.0.

Path Traversal Devtoys
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

React Router (@react-router/node 7.0.0-7.9.3) has a path traversal in file-based session storage when using unsigned cookies. Attackers can manipulate session file paths to read or write arbitrary files on the server.

Path Traversal React Router Node Remix Run Deno +1
NVD GitHub VulDB
EPSS 7% CVSS 7.5
HIGH POC This Week

In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system [CVSS 7.5 HIGH]

Path Traversal
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. [CVSS 6.5 MEDIUM]

Path Traversal Ip7137 Firmware
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. [CVSS 8.8 HIGH]

Path Traversal Wget2 Red Hat +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal.This issue affects VidMov: from n/a through <= 2.3.8. [CVSS 7.5 HIGH]

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site. [CVSS 6.5 MEDIUM]

WordPress Path Traversal
NVD
Prev Page 19 of 86 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy