Skip to main content

Path Traversal

7729 CVEs technique

Monthly

CVE-2025-9258 HIGH This Month

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webitr
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-9257 HIGH This Month

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webitr
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-9256 HIGH This Month

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webitr
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-55523 LOW POC Monitor

An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Agent Zero
NVD GitHub
CVSS 3.1
3.5
EPSS
0.3%
CVE-2025-6465 Go MEDIUM PATCH This Month

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Path Traversal Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-57753 npm MEDIUM PATCH This Month

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Red Hat
NVD GitHub
CVSS 4.0
6.0
EPSS
0.2%
CVE-2025-51818 MEDIUM POC This Month

MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Mccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-8895 CRITICAL This Week

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-8023 Go MEDIUM PATCH This Month

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fails to sanitize path traversal sequences in template file destination paths, which allows a system admin. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mattermost Server
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-36530 Go MEDIUM PATCH This Month

Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mattermost Server
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-53505 MEDIUM This Month

Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal Group Office
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2012-10061 HIGH POC THREAT Act Now

Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 51.6%.

Path Traversal
NVD GitHub Exploit-DB
CVSS 4.0
8.7
EPSS
51.6%
Threat
4.8
CVE-2025-54927 MEDIUM Monitor

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the sys

Authentication Bypass Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-54926 HIGH This Month

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets

RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-43749 Maven MEDIUM This Month

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-54021 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List allows Path Traversal.1.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53561 MEDIUM This Month

Path Traversal vulnerability in miniOrange Prevent files / folders access allows Path Traversal.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48158 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field allows Path Traversal.0.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-47650 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global allows Path Traversal.14.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-57790 HIGH POC THREAT Act Now

A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 49.6% and no vendor patch available.

RCE Path Traversal Commvault
NVD
CVSS 4.0
8.7
EPSS
49.6%
Threat
4.7
CVE-2025-8141 HIGH This Month

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function in all versions up. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal RCE
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-44373 CRITICAL This Week

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.06_06 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2025-55295 MEDIUM This Month

qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-51539 MEDIUM POC This Month

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Path Traversal Ezged3
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55282 CRITICAL PATCH This Week

aiven-db-migrate is an Aiven database migration tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Privilege Escalation PostgreSQL Path Traversal Aiven Db Migrate
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-55214 PyPI MEDIUM PATCH This Month

Copier library and CLI app for rendering project templates. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-55201 PyPI HIGH PATCH This Month

Copier library and CLI app for rendering project templates. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-41242 Maven MEDIUM POC PATCH This Month

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tomcat Java Path Traversal Apache Spring +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-8464 MEDIUM This Month

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7_guest_user_id cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Path Traversal PHP
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2025-3671 HIGH This Month

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal PHP RCE Privilege Escalation +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-7641 HIGH This Week

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54715 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-52712 MEDIUM This Month

Path Traversal vulnerability in BoldGrid Post and Page Builder by BoldGrid - Visual Drag and Drop Editor allows Path Traversal.27.8. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2025-34154 CRITICAL This Week

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
9.2
EPSS
0.2%
CVE-2012-10054 CRITICAL POC PATCH THREAT Act Now

Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.9%.

RCE Path Traversal Umbraco Cms
NVD GitHub Exploit-DB
CVSS 4.0
9.3
EPSS
75.9%
Threat
5.6
CVE-2025-23304 HIGH This Week

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Path Traversal Nemo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-8941 HIGH PATCH This Month

A flaw was found in linux-pam. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-8912 HIGH This Week

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Organization Portal System
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-8909 HIGH This Week

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Organization Portal System
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-0818 MEDIUM This Month

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Path Traversal PHP
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2025-55169 CRITICAL POC PATCH Act Now

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Path Traversal Wegia
NVD GitHub
CVSS 4.0
10.0
EPSS
1.6%
CVE-2024-52964 MEDIUM This Month

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortimanager Fortimanager Cloud
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-48892 MEDIUM This Month

A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortisoar
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-40588 MEDIUM Monitor

Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions,. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Forticamera Firmware Fortimail Fortindr +2
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-53793 HIGH This Month

Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Path Traversal Azure Stack Hub
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53779 HIGH This Month

Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal Windows Server 2025 Windows
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-49559 PHP MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Path Traversal Commerce Magento Commerce B2b
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-55011 MEDIUM POC PATCH This Month

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Kanboard
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-8081 MEDIUM PATCH Monitor

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Website Builder PHP Elementor
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-5391 HIGH This Week

The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal RCE
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2025-42946 MEDIUM This Month

Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SAP Path Traversal
NVD
CVSS 3.1
6.9
EPSS
0.1%
CVE-2025-25231 HIGH POC EUVD KEV This Week

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2025-8815 MEDIUM POC This Month

A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-8753 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-55149 PyPI MEDIUM This Month

Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research-from ideation to implementation, writing, and review. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
6.7
EPSS
0.1%
CVE-2012-10048 HIGH POC THREAT Act Now

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

Command Injection Path Traversal
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
50.2%
Threat
4.7
CVE-2025-52913 CRITICAL This Week

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Node.js
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-8356 CRITICAL This Week

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Freeflow Core
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2025-8729 LOW POC PATCH Monitor

A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8749 MEDIUM This Month

Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-8088 HIGH KEV THREAT Act Now

WinRAR for Windows contains a path traversal vulnerability allowing crafted archives to execute arbitrary code, discovered by ESET and exploited in the wild for targeted attacks.

RCE Microsoft Path Traversal Winrar Dtsearch +1
NVD
CVSS 4.0
8.4
EPSS
6.8%
CVE-2025-54959 MEDIUM This Month

Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2024-55401 MEDIUM This Month

An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Exonaut
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-29865 HIGH This Month

: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TAGFREE X-Free Uploader XFU allows Path Traversal.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-51052 MEDIUM POC This Month

A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Vedo Suite
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48394 MEDIUM Monitor

An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-50233 MEDIUM POC This Week

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Qcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-52885 MEDIUM This Month

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mobile Access Remote Access Vpn
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-21015 MEDIUM Monitor

Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-54653 HIGH This Week

Path traversal vulnerability in the virtualization file module. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-54652 HIGH This Week

Path traversal vulnerability in the virtualization base module. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-52237 MEDIUM This Month

An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sscms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2012-10034 HIGH POC THREAT Act Now

ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.4%.

Path Traversal Clansphere
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
18.4%
CVE-2012-10024 HIGH POC THREAT Act Now

XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 48.8%.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
48.8%
Threat
4.4
CVE-2025-53417 CRITICAL This Week

DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-54802 PyPI CRITICAL POC PATCH Act Now

pyLoad is the free and open-source Download Manager written in pure Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Python RCE Path Traversal Pyload Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-54794 npm HIGH POC PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Path Traversal Claude Code
NVD GitHub
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-54387 npm MEDIUM POC PATCH This Week

IPX is an image optimizer powered by sharp and svgo. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Ipx
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-46094 LOW POC Monitor

LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Liquidfiles
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-8522 LOW POC Monitor

A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Path Traversal Node.js
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2025-44962 MEDIUM This Month

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ruckus Smartzone Firmware Ruckus Network Director
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-8516 MEDIUM This Month

A security vulnerability has been detected in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2.getFileUploadService.deleteFileAction of the file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-23276 HIGH This Month

NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia RCE Microsoft Denial Of Service Path Traversal +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7694 MEDIUM This Month

The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP Path Traversal RCE Woffice
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2025-54386 Go HIGH PATCH This Month

Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Privilege Escalation Denial Of Service RCE Path Traversal Traefik +2
NVD GitHub
CVSS 4.0
7.3
EPSS
0.9%
CVE-2013-10063 MEDIUM POC THREAT This Month

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 47.8%.

Netgear Path Traversal
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
47.8%
Threat
4.3
CVE-2013-10062 MEDIUM POC THREAT This Month

A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.7%.

Linksys Path Traversal
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
42.7%
Threat
4.2
CVE-2013-10046 HIGH POC Act Now

A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Path Traversal
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
1.0%
CVE-2025-8480 HIGH This Month

Alpine iLX-507 Command Injection Remote Code Execution. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Path Traversal Ilx 507 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2025-8433 LOW POC Monitor

A vulnerability was found in code-projects Document Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell PHP Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
EPSS 0% CVSS 7.1
HIGH This Month

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webitr
NVD
EPSS 0% CVSS 7.1
HIGH This Month

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webitr
NVD
EPSS 0% CVSS 7.1
HIGH This Month

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webitr
NVD
EPSS 0% CVSS 3.5
LOW POC Monitor

An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Agent Zero
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to sanitize file names which allows users with file upload permission to overwrite file attachment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Path Traversal Mattermost Server
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Red Hat
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

MCCMS 2.7.0 is vulnerable to Arbitrary file deletion in the Backups.php component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL This Week

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fails to sanitize path traversal sequences in template file destination paths, which allows a system admin. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mattermost Server
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Mattermost versions 10.9.x <= 10.9.1, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate file paths during plugin import operations which allows restricted admin users to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mattermost Server
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal Group Office
NVD
EPSS 52% 4.8 CVSS 8.7
HIGH POC THREAT Act Now

Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 51.6%.

Path Traversal
NVD GitHub Exploit-DB
EPSS 0% CVSS 4.9
MEDIUM Monitor

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the sys

Authentication Bypass Path Traversal
NVD
EPSS 1% CVSS 7.2
HIGH This Month

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets

RCE Path Traversal
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Digital Experience Platform +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List allows Path Traversal.1.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Path Traversal vulnerability in miniOrange Prevent files / folders access allows Path Traversal.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field allows Path Traversal.0.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Infility Infility Global allows Path Traversal.14.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 50% 4.7 CVSS 8.7
HIGH POC THREAT Act Now

A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 49.6% and no vendor patch available.

RCE Path Traversal Commvault
NVD
EPSS 0% CVSS 8.8
HIGH This Month

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function in all versions up. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal +1
NVD
EPSS 1% CVSS 9.8
CRITICAL This Week

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.06_06 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal RCE
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Red Hat
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Path Traversal +1
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH This Week

aiven-db-migrate is an Aiven database migration tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Privilege Escalation PostgreSQL Path Traversal +1
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Copier library and CLI app for rendering project templates. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Month

Copier library and CLI app for rendering project templates. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tomcat Java Path Traversal +3
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7_guest_user_id cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Path Traversal +1
NVD
EPSS 0% CVSS 8.8
HIGH This Month

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal PHP +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal PHP
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

Path Traversal vulnerability in BoldGrid Post and Page Builder by BoldGrid - Visual Drag and Drop Editor allows Path Traversal.27.8. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 9.2
CRITICAL This Week

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 76% 5.6 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.9%.

RCE Path Traversal Umbraco Cms
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Path Traversal +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

A flaw was found in linux-pam. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Red Hat Suse
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Organization Portal System
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Organization Portal System
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Path Traversal PHP
NVD GitHub
EPSS 2% CVSS 10.0
CRITICAL POC PATCH Act Now

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Path Traversal +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortimanager +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortisoar
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions,. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Forticamera Firmware +4
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Path Traversal +1
NVD
EPSS 0% CVSS 7.2
HIGH This Month

Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal Windows Server 2025 +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Path Traversal Commerce +2
NVD
EPSS 0% CVSS 6.4
MEDIUM POC PATCH This Month

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Kanboard
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH Monitor

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Website Builder +2
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SAP Path Traversal
NVD
EPSS 4% CVSS 7.5
HIGH POC EUVD KEV This Week

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research-from ideation to implementation, writing, and review. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 50% 4.7 CVSS 8.7
HIGH POC THREAT Act Now

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

Command Injection Path Traversal
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL This Week

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Node.js
NVD
EPSS 1% CVSS 9.8
CRITICAL This Week

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Freeflow Core
NVD
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 7% CVSS 8.4
HIGH KEV THREAT Act Now

WinRAR for Windows contains a path traversal vulnerability allowing crafted archives to execute arbitrary code, discovered by ESET and exploited in the wild for targeted attacks.

RCE Microsoft Path Traversal +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Exonaut
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Month

: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TAGFREE X-Free Uploader XFU allows Path Traversal.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Vedo Suite
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM Monitor

An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Week

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Qcms
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mobile Access Remote Access Vpn
NVD
EPSS 0% CVSS 4.0
MEDIUM Monitor

Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Path traversal vulnerability in the virtualization file module. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Path traversal vulnerability in the virtualization base module. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Harmonyos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sscms
NVD GitHub
EPSS 18% CVSS 8.7
HIGH POC THREAT Act Now

ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.4%.

Path Traversal Clansphere
NVD Exploit-DB
EPSS 49% 4.4 CVSS 7.1
HIGH POC THREAT Act Now

XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 48.8%.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL This Week

DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

pyLoad is the free and open-source Download Manager written in pure Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Python RCE +2
NVD GitHub
EPSS 0% CVSS 7.7
HIGH POC PATCH This Month

Claude Code is an agentic coding tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Canonical Path Traversal Claude Code
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Week

IPX is an image optimizer powered by sharp and svgo. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Ipx
NVD GitHub
EPSS 0% CVSS 3.8
LOW POC Monitor

LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Liquidfiles
NVD
EPSS 0% CVSS 1.3
LOW POC Monitor

A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Path Traversal Node.js
NVD GitHub VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ruckus Smartzone Firmware Ruckus Network Director
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A security vulnerability has been detected in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2.getFileUploadService.deleteFileAction of the file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Month

NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia RCE Microsoft +4
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP Path Traversal +2
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Month

Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Privilege Escalation Denial Of Service RCE +4
NVD GitHub
EPSS 48% 4.3 CVSS 6.9
MEDIUM POC THREAT This Month

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 47.8%.

Netgear Path Traversal
NVD Exploit-DB
EPSS 43% 4.2 CVSS 6.9
MEDIUM POC THREAT This Month

A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.7%.

Linksys Path Traversal
NVD Exploit-DB
EPSS 1% CVSS 8.5
HIGH POC Act Now

A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Path Traversal
NVD Exploit-DB
EPSS 0% CVSS 8.0
HIGH This Month

Alpine iLX-507 Command Injection Remote Code Execution. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Path Traversal +1
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in code-projects Document Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell PHP Path Traversal
NVD GitHub VulDB
Prev Page 24 of 86 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy