Skip to main content

Path Traversal

7729 CVEs technique

Monthly

CVE-2025-49448 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0.0.

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-24765 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RobMarsh Image Shadow allows Path Traversal. This issue affects Image Shadow: from n/a through 1.1.0.

Path Traversal
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-6731 LOW POC Monitor

A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-50350 MEDIUM POC This Month

PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerable to Directory Traversal in manage-classes.php.

PHP Path Traversal Pre School Enrollment System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-34048 HIGH POC This Week

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

Path Traversal D-Link
NVD GitHub Exploit-DB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-34047 HIGH POC This Week

A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation, enabling traversal sequences to escape the intended directory and access sensitive files. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Path Traversal
NVD GitHub
CVSS 4.0
8.7
EPSS
1.1%
CVE-2025-34045 HIGH POC THREAT Act Now

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_download_imgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

PHP Path Traversal Weiphp
NVD GitHub
CVSS 3.1
7.5
EPSS
18.6%
CVE-2025-3722 MEDIUM This Month

A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure.

Information Disclosure Path Traversal System Information Reporter
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-6445 HIGH This Week

CVE-2025-6445 is a critical directory traversal vulnerability in ServiceStack's FindType method that allows remote attackers to execute arbitrary code without authentication. The vulnerability stems from insufficient path validation in file operations, enabling attackers to traverse the filesystem and execute malicious code in the context of the affected application process. With a CVSS score of 8.1 and network-based attack vector, this vulnerability poses significant risk to ServiceStack deployments, though exploitation requires application-level interaction with the vulnerable FindType method.

RCE Path Traversal Servicestack
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2025-52569 MEDIUM PATCH This Month

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the `GitHub.repo()` function, the user can provide any string for the `repo_name` field. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on `api.github.com` that were not intended. Users should upgrade immediately to v5.9.1 or later to receive a patch. All prior versions are vulnerable. No known workarounds are available.

Path Traversal
NVD GitHub
CVSS 4.0
6.6
EPSS
0.2%
CVE-2025-49153 CRITICAL Act Now

The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code.

RCE Path Traversal
NVD
CVSS 4.0
9.3
EPSS
1.8%
CVE-2025-50178 MEDIUM PATCH This Month

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the `GitForge.get_repo` function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on api.github.com that were not intended. Version 0.4.3 contains a patch for the issue. No known workarounds are available.

Path Traversal
NVD GitHub
CVSS 4.0
6.6
EPSS
0.2%
CVE-2025-39202 HIGH This Week

CVE-2025-39202 is a local privilege escalation vulnerability in MicroSCADA X SYS600's Monitor Pro interface that allows authenticated users with low privileges to read and overwrite arbitrary files, leading to information disclosure and data corruption. The vulnerability affects the SYS600 product line and requires local access with valid credentials; while the CVSS score of 7.3 indicates moderate-to-high severity, real-world exploitability depends on whether this vulnerability has been added to CISA's KEV catalog or has publicly available proof-of-concept code.

Siemens SCADA Information Disclosure Path Traversal Microscada X Sys600
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-52574 HIGH PATCH This Week

SysmonElixir versions prior to 1.0.1 contain a path traversal vulnerability in the /read endpoint that allows unauthenticated remote attackers to read arbitrary files from the server, including sensitive system files like /etc/passwd. The vulnerability was patched in version 1.0.1 by implementing a whitelist restricting file reads to the priv/data directory. This is a high-severity information disclosure issue (CVSS 7.5) with no authentication required and network-accessible attack surface.

Path Traversal Information Disclosure Python
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-34040 CRITICAL POC Act Now

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-01 UTC.

File Upload RCE Path Traversal
NVD Exploit-DB VulDB
CVSS 4.0
10.0
EPSS
3.8%
CVE-2025-34031 HIGH POC THREAT Act Now

The Moodle LMS Jmol plugin version 6.1 and earlier contains a path traversal vulnerability in jsmol.php. The query parameter is passed directly to file_get_contents() without validation, allowing unauthenticated attackers to read arbitrary files from the Moodle server including configuration files with database credentials.

PHP Path Traversal Moodle Information Disclosure Jmol
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
12.2%
CVE-2025-52562 CRITICAL PATCH Act Now

A path traversal vulnerability in versions 3.9.0-rc3 to (CVSS 10.0) that allows the attacker. Critical severity with potential for significant impact on affected systems.

PHP Path Traversal
NVD GitHub
CVSS 3.1
10.0
EPSS
1.9%
CVE-2025-23092 HIGH This Week

A path traversal vulnerability (CVSS 7.2) that allows an authenticated attacker with administrative privileges. High severity vulnerability requiring prompt remediation.

Path Traversal
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-48026 HIGH This Week

CVE-2025-48026 is a path traversal vulnerability in the WebApl component of Mitel OpenScape Xpressions that allows unauthenticated attackers to read arbitrary files from the underlying operating system due to insufficient input validation. The vulnerability affects OpenScape Xpressions through version V7R1 FR5 HF43 P913, and successful exploitation could expose sensitive information without requiring authentication, elevated privileges, or user interaction. The CVSS 7.5 score reflects the high confidentiality impact, though integrity and availability are not affected.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-50349 HIGH POC This Week

PHPGurukul Pre-School Enrollment System v1.0 contains a directory traversal vulnerability in the update-teacher-pic.php endpoint that allows unauthenticated remote attackers to read arbitrary files from the server with high confidence. An attacker can exploit this network-accessible vulnerability without any privileges or user interaction to disclose sensitive files, potentially exposing database credentials, configuration files, or other system information. The high CVSS score of 7.5 reflects the ease of exploitation (network-accessible, low complexity, no authentication required) and significant confidentiality impact, though this vulnerability does not permit file modification or denial of service.

PHP Path Traversal Pre School Enrollment System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-50348 HIGH POC This Week

CVE-2025-50348 is a Directory Traversal vulnerability in PHPGurukul Pre-School Enrollment System Project version 1.0, specifically in the update-class-pic.php file. An unauthenticated remote attacker can exploit this vulnerability to read sensitive files from the server, achieving high confidentiality impact without requiring user interaction or special privileges. The vulnerability has a CVSS score of 7.5 (High) with a network-based attack vector and low attack complexity, indicating it is easily exploitable by remote actors; however, exploitation is limited to information disclosure without modification capabilities.

PHP Path Traversal Pre School Enrollment System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-52922 HIGH This Week

CVE-2025-52922 is a directory traversal vulnerability in Innoshop through version 0.4.1 that allows authenticated administrators to abuse multiple FileManager API endpoints to map the filesystem, create/delete arbitrary directories and files, read sensitive files, and move files anywhere on the server. With a CVSS score of 7.4 and low attack complexity, this represents a significant integrity and confidentiality risk for affected deployments, though exploitation requires valid administrative credentials.

Path Traversal
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2025-6453 LOW POC Monitor

A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. The manipulation of the argument dirName leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6218 HIGH POC KEV PATCH THREAT Act Now

WinRAR contains a directory traversal vulnerability (CVE-2025-6218, CVSS 7.8) enabling remote code execution when users extract crafted archives. KEV-listed with EPSS 4.7% and public PoC, this vulnerability allows archive files to write outside the extraction directory, placing malicious files in startup folders or other sensitive locations. Given WinRAR's 500+ million user base, this is a high-impact social engineering vector.

RCE Path Traversal Winrar
NVD
CVSS 3.0
7.8
EPSS
4.7%
Threat
4.7
CVE-2025-34023 HIGH POC This Week

CVE-2025-34023 is a path traversal vulnerability in Karel IP1211 IP Phone's web management panel that allows remote authenticated attackers to read arbitrary files from the underlying system via unsanitized input to the /cgi-bin/cgiServer.exx endpoint's page parameter. This vulnerability affects IP phone administrators with network access to the management interface and carries a CVSS 8.5 score reflecting high confidentiality impact. Active exploitation evidence was documented by Shadowserver Foundation on 2025-02-02 UTC, indicating real-world attack activity.

Path Traversal Information Disclosure IoT
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
1.8%
CVE-2025-34022 CRITICAL POC Act Now

CVE-2025-34022 is an unauthenticated path traversal vulnerability in Selea Targa IP OCR-ANPR cameras affecting at least 9 models (iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, Targa 704 ILB). The /common/get_file.php script fails to validate the 'file' parameter, allowing remote attackers to read arbitrary files including system credentials in cleartext. Active exploitation was confirmed by Shadowserver Foundation on 2025-02-02 UTC, indicating this is not theoretical-it is actively weaponized in the wild.

PHP Authentication Bypass Path Traversal Information Disclosure
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-45890 CRITICAL POC Act Now

CVE-2025-45890 is a critical directory traversal vulnerability in Novel Plus before v5.1.0 that allows unauthenticated remote attackers to execute arbitrary code by manipulating the filePath parameter. The vulnerability has a CVSS score of 9.8 (critical severity) with a network-based attack vector requiring no privileges or user interaction. Given the critical CVSS metrics and remote code execution capability, this vulnerability poses an immediate and severe risk to all unpatched Novel Plus installations and warrants emergency patching.

RCE Path Traversal Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2025-4981 Go CRITICAL PATCH Act Now

A remote code execution vulnerability (CVSS 9.9) that allows authenticated users. Critical severity with potential for significant impact on affected systems.

RCE Path Traversal Mattermost Server Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.6%
CVE-2025-6283 LOW POC PATCH Monitor

A vulnerability was found in xataio Xata Agent up to 0.3.0. It has been classified as problematic. This affects the function GET of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to path traversal. Upgrading to version 0.3.1 is able to address this issue. The patch is named 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc. It is recommended to upgrade the affected component.

Path Traversal
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-6282 LOW POC Monitor

A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function create_upload_file of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The reported GitHub issue was closed automatically with the label "not planned" by a bot.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-6281 LOW Monitor

A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-6280 LOW POC Monitor

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-6278 PyPI LOW POC PATCH Monitor

A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-4661 LOW Monitor

A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit

Path Traversal
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2025-6240 MEDIUM PATCH This Month

Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2.

Microsoft Path Traversal
NVD
CVSS 4.0
4.9
EPSS
0.1%
CVE-2025-5981 Go MEDIUM PATCH This Month

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

Path Traversal Osv Scalibr Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-50202 HIGH PATCH This Week

Path traversal vulnerability in Lychee photo-management tool (versions 6.6.6 through 6.6.9) that allows unauthenticated remote attackers to read arbitrary files from the server, including environment variables, configuration secrets, nginx logs, and other users' uploaded images. The vulnerability exists in SecurePathController.php and has a CVSS score of 7.5 (high severity) with straightforward network-based exploitation requiring no authentication or user interaction. A patch is available in version 6.6.10.

PHP Nginx Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-49384 HIGH PATCH This Week

Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits improper link following (symlink/junction attack) to allow a low-privileged local attacker to delete privileged Trend Micro system files without user interaction. This vulnerability carries a CVSS 7.8 high severity rating due to high impact on confidentiality, integrity, and availability; however, real-world exploitability depends on KEV status, EPSS probability data, and proof-of-concept availability, which are not provided in the available intelligence.

Privilege Escalation Trend Micro Path Traversal Maximum Security 2022
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-30640 HIGH PATCH This Week

Link following vulnerability (symlink attack) in Trend Micro Deep Security 20.0 agents that enables local privilege escalation on affected systems. An attacker with low-privileged code execution capability can exploit this flaw to gain high-level system access. The vulnerability has a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability; KEV and POC status are not confirmed in available data, but the low attack complexity and low privilege requirement indicate moderate real-world risk once initial code execution is obtained.

Privilege Escalation Trend Micro Path Traversal Deep Security Agent
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49155 HIGH PATCH This Week

CVE-2025-49155 is an uncontrolled search path vulnerability in Trend Micro Apex One's Data Loss Prevention (DLP) module that allows unauthenticated remote attackers to inject and execute arbitrary code. The vulnerability requires user interaction (CVSS UI:R) but poses critical risk to organizations deploying Apex One, as successful exploitation grants full system compromise with high confidentiality, integrity, and availability impact (CVSS 8.8). Exploitation likelihood should be assessed against current threat intelligence for active in-the-wild usage.

RCE Trend Micro Code Injection Path Traversal Apex One
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-34510 HIGH POC THREAT Act Now

Sitecore Experience Manager, Platform, and Commerce versions 9.0 through 10.4 contain a Zip Slip vulnerability that allows authenticated attackers to write arbitrary files outside the intended upload directory. By crafting ZIP archives with path traversal entries, attackers can overwrite application files and achieve remote code execution.

RCE Path Traversal Managed Cloud Experience Manager Experience Commerce +1
NVD
CVSS 3.1
8.8
EPSS
87.3%
Threat
5.9
CVE-2025-49879 HIGH This Week

Path traversal vulnerability in themezaa Litho that allows unauthenticated network attackers to cause a denial of service by accessing files outside the intended directory structure. Affected versions range from an unspecified baseline through version 3.0 of the Litho product. The vulnerability has a high CVSS score of 8.6 with a network attack vector and no authentication requirements, making it easily exploitable by remote attackers.

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-49451 HIGH This Week

A Path Traversal vulnerability (CWE-35) exists in the Aeroscroll Gallery WordPress plugin (versions through 1.0.12) that allows unauthenticated remote attackers to access arbitrary files on the server, potentially exposing sensitive configuration files, database credentials, and other confidential data. The vulnerability has a CVSS score of 7.5 (High) with network accessibility and no authentication required, making it a significant information disclosure risk for all installations of affected versions.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-49415 HIGH This Week

Path traversal vulnerability in Fastw3b LLC FW Gallery (versions through 8.0.0) that allows unauthenticated remote attackers to cause denial of service by manipulating file path parameters. The vulnerability has a high CVSS score of 8.6 due to its network accessibility and lack of authentication requirements, though impact is limited to availability rather than confidentiality or integrity. Specific KEV status, EPSS scores, and publicly available POC information cannot be confirmed from the provided data, warranting immediate vendor contact for patch availability and exploitation status.

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-34508 MEDIUM PATCH This Month

A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service.

Denial Of Service Path Traversal
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-6020 HIGH PATCH CISA Act Now

A privilege escalation vulnerability in A flaw (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Path Traversal
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-4365 HIGH PATCH This Week

CVE-2025-4365 is an arbitrary file read vulnerability affecting Citrix NetScaler Console and NetScaler SDX (SVM) that allows unauthenticated remote attackers to read sensitive files from affected systems. The vulnerability has a CVSS score of 7.5 (high severity) with a network-accessible attack vector requiring no authentication or user interaction. While specific KEV and EPSS data were not provided in the intelligence sources, the combination of high CVSS, unauthenticated access, and file disclosure capability indicates this requires prompt remediation.

Citrix Information Disclosure Path Traversal Netscaler Console Netscaler Sdx
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-6167 PyPI MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommended to upgrade the affected component.

Python Path Traversal Python A2a
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-6166 LOW POC PATCH Monitor

A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component.

Python Path Traversal
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-6152 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The patch is named 7ba93a10000fb77ee01731478ef40551a27bd5b9. It is recommended to apply a patch to fix this issue.

Path Traversal Browser
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-32799 CRITICAL POC PATCH Act Now

Conda-build versions prior to 25.4.0 are vulnerable to path traversal (Tarslip) attacks that allow unauthenticated remote attackers to write arbitrary files outside intended extraction directories by crafting malicious tar archives with directory traversal sequences. This critical vulnerability (CVSS 9.8) affects all users and systems utilizing conda-build for package compilation, with potential for privilege escalation and code execution depending on target file locations and system permissions.

RCE Privilege Escalation Path Traversal Conda Build
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-3594 Maven CRITICAL PATCH Act Now

A path traversal vulnerability in Liferay Portal 7.0.0 (CVSS 9.8) that allows remote attackers. Critical severity with potential for significant impact on affected systems.

Path Traversal Liferay Portal Digital Experience Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-4748 MEDIUM PATCH This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

Path Traversal
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-6109 LOW POC Monitor

A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6108 LOW POC Monitor

A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

File Upload Java Path Traversal
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-5964 MEDIUM PATCH This Month

A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.

Path Traversal M Files Server
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-6070 MEDIUM This Month

The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

WordPress Path Traversal PHP
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2025-6065 CRITICAL Act Now

The Image Resizer On The Fly WordPress plugin (versions ≤1.1) contains a critical arbitrary file deletion vulnerability in its 'delete' task that allows unauthenticated attackers to remove arbitrary files from the server without authentication. This vulnerability can facilitate remote code execution by deleting critical files such as wp-config.php, leading to complete WordPress installation compromise. With a CVSS score of 9.1 and network-accessible attack vector requiring no user interaction or privileges, this represents a critical risk to all unpatched installations.

WordPress PHP RCE Path Traversal
NVD
CVSS 3.1
9.1
EPSS
3.7%
CVE-2025-4187 MEDIUM This Month

The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

WordPress Path Traversal PHP
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2025-28384 LIB CRITICAL POC Act Now

Critical directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 affecting the /script-api/scripts/ endpoint. An unauthenticated attacker can exploit this flaw over the network with no user interaction required to read and potentially write arbitrary files on the affected system, achieving high confidentiality and integrity impact. The vulnerability has a CVSS score of 9.1 (Critical) with an CVSS vector indicating network-based attack, low complexity, and no privilege requirements.

Path Traversal Cosmos
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2025-28382 LIB HIGH POC This Week

Directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 that allows unauthenticated remote attackers to read arbitrary files from the server via the openc3-api/tables endpoint. This high-severity issue (CVSS 7.5) enables confidentiality breaches without requiring authentication or user interaction, potentially exposing sensitive configuration files, credentials, and operational data managed by the COSMOS command and control system.

Path Traversal Cosmos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2025-46096 Maven MEDIUM POC PATCH This Month

Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component

XSS Path Traversal Solon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-46783 CRITICAL Act Now

Critical path traversal vulnerability in RICOH Streamline NX V3 PC Client (versions 3.5.0-3.242.0) that allows unauthenticated remote attackers to execute arbitrary code on affected systems by tampering with specific files used by the product. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this vulnerability poses immediate risk to organizations deploying vulnerable versions of the RICOH client software. KEV and EPSS status, POC availability, and active exploitation data are not yet available in public disclosures, but the severity profile (CVSS 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N) suggests high exploitability.

RCE Path Traversal
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2024-38824 PyPI CRITICAL PATCH Act Now

Directory traversal vulnerability in the recv_file method that permits authenticated attackers to write arbitrary files to the master cache directory, potentially leading to code execution or system compromise. The vulnerability affects products using vulnerable file reception mechanisms and carries a critical CVSS 9.6 score with network accessibility and low complexity. While specific KEV/EPSS data was not provided in the intelligence briefing, the combination of high CVSS, low attack complexity, and authenticated-but-common access vectors suggests elevated real-world risk.

Path Traversal Salt Suse
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2025-22241 PyPI MEDIUM PATCH This Month

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.

Path Traversal Debian Ubuntu Suse
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-22240 PyPI MEDIUM PATCH This Month

Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.

Path Traversal Debian Ubuntu Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-22238 PyPI MEDIUM PATCH This Month

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

Path Traversal Debian Ubuntu Suse
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-4613 HIGH POC PATCH This Week

Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.

RCE Path Traversal Google Windows Web Designer
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-40592 MEDIUM This Month

A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24), Mendix Studio Pro 11 (All versions < V11.0.0), Mendix Studio Pro 8 (All versions < V8.18.35), Mendix Studio Pro 9 (All versions < V9.24.35). A zip path traversal vulnerability exists in the module installation process of Studio Pro. By crafting a malicious module and distributing it via (for example) the Mendix Marketplace, an attacker could write or modify arbitrary files in directories outside a developer’s project directory upon module installation.

Path Traversal
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-36574 HIGH PATCH This Week

Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows unauthenticated remote attackers to read arbitrary files and gain unauthorized access without user interaction. The CVSS 8.2 score reflects high confidentiality impact and low integrity impact, with network-based attack vector requiring no privileges or interaction. No KEV/CISA active exploitation data, EPSS score, or public POC is currently confirmed in available intelligence, but the unauthenticated remote nature and path traversal primitive warrant immediate patching.

Authentication Bypass Information Disclosure Path Traversal Dell Wyse Management Suite
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2025-33112 HIGH This Week

Local privilege escalation vulnerability in IBM AIX 7.3 and IBM VIOS 4.1.1's Perl implementation that allows non-privileged local users to execute arbitrary code through improper pathname neutralization (path traversal). With a CVSS score of 8.4 and no authentication requirement, this represents a critical risk for AIX environments where local user access exists. The vulnerability's active exploitation status and proof-of-concept availability would significantly elevate real-world risk.

RCE IBM Privilege Escalation Path Traversal Aix +1
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-33053 HIGH POC KEV PATCH THREAT Act Now

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.

Microsoft Windows RCE Path Traversal Windows Server 2016 +14
NVD
CVSS 3.1
8.8
EPSS
48.5%
Threat
6.2
CVE-2024-57189 npm MEDIUM POC PATCH This Month

In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.

Path Traversal Erxes
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-57186 npm MEDIUM POC PATCH This Month

In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.

Path Traversal Erxes
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2025-37100 HIGH This Week

Path traversal vulnerability in HPE Aruba Networking Private 5G Core APIs that allows authenticated users to iteratively navigate the filesystem and download sensitive system files. The vulnerability affects the Private 5G Core platform with a CVSS score of 7.7 (high severity) due to confidentiality impact across system boundaries. While requiring low-privilege authentication and network access, successful exploitation directly exposes protected system files containing sensitive configuration and credential data.

Path Traversal Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-40662 HIGH PATCH This Week

CVE-2025-40662 is an absolute path disclosure vulnerability in DM Corporative CMS that exposes sensitive filesystem information when an attacker requests non-existent files within the webroot/file directory. This high-severity information disclosure (CVSS 7.5) affects DM Corporative CMS users and allows unauthenticated remote attackers to enumerate and discover the absolute filesystem paths of the application, which typically precedes further exploitation. The vulnerability has not been confirmed as actively exploited in the wild (KEV status unknown from provided data), but represents a significant reconnaissance vector with minimal attack complexity.

Information Disclosure Path Traversal Dm Corporative Cms
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-5741 MEDIUM This Month

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-5740 HIGH This Week

Path traversal vulnerability (CWE-22) in a web application that allows authenticated users with high privileges to write arbitrary files to the system by manipulating file paths. While the CVSS score of 7.2 indicates moderate-to-high severity with high impact to confidentiality, integrity, and availability, the requirement for authenticated high-privilege access (PR:H) significantly constrains real-world exploitability. Active exploitation status, public POC availability, and EPSS score are unknown from the provided data, limiting definitive risk prioritization.

Path Traversal
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-42977 HIGH This Week

SAP NetWeaver Visual Composer contains a directory traversal vulnerability (CWE-22) that allows high-privileged users to bypass path validation controls and read or modify arbitrary files on the system. The vulnerability affects SAP NetWeaver Visual Composer across supported versions and has a CVSS score of 7.6 due to high confidentiality impact and network-accessible attack vector, though exploitation requires high privileges (PR:H). Exploitation likelihood and KEV/POC status cannot be confirmed from available data, but the high-privilege prerequisite significantly reduces real-world exploitability compared to the base CVSS score suggests.

SAP Path Traversal Information Disclosure
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2025-49138 PHP MEDIUM POC PATCH This Month

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as /etc/passwd, application secrets, or configuration files accessible to the web server (www-data). The vulnerability stems from the way the HAXCMS backend handles the location field in the site's outline. When a user sends a POST request to /system/api/saveOutline, the backend stores the provided location value directly into the site.json file associated with the site, without validating or sanitizing the input. Later the location parameter is interpreted by the CMS to resolve and load the content for a given node. If the location field contains a relative path like `../../../etc/passwd`, the application will attempt to read and render that file. Version 11.0.0 fixes the issue.

PHP Path Traversal Haxcms Php
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49297 HIGH This Week

Path traversal vulnerability in Mikado-Themes Grill and Chow WordPress themes (versions through 1.6) that enables PHP Local File Inclusion (LFI) attacks. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary files on the affected server, potentially exposing sensitive configuration files, database credentials, and other confidential data. The high CVSS score of 8.1 reflects significant impact on confidentiality and integrity, though exploitation requires higher attack complexity.

PHP Path Traversal
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-49296 HIGH This Week

A Path Traversal vulnerability in Mikado-Themes GrandPrix WordPress theme (versions through 1.6) allows unauthenticated remote attackers to perform PHP Local File Inclusion (LFI) attacks, potentially leading to arbitrary file reading, information disclosure, and remote code execution. The vulnerability has a CVSS score of 8.1 (High) with high impact on confidentiality, integrity, and availability; exploitation requires medium attack complexity but no user interaction or privileges. KEV status and active exploitation data were not provided, but the high CVSS and LFI nature suggest significant real-world risk if POC is publicly available.

PHP Path Traversal
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-49295 HIGH This Week

A Path Traversal vulnerability in Mikado-Themes MediClinic through version 2.1 enables unauthenticated remote attackers to conduct PHP Local File Inclusion (LFI) attacks, potentially allowing arbitrary file reading and code execution. The CVSS 8.1 score reflects high impact across confidentiality, integrity, and availability, though attack complexity is listed as HIGH. No public confirmation of active KEV exploitation or PoC availability is documented in standard feeds, but the high CVSS and LFI vector suggest this should be treated as a credible priority vulnerability.

PHP Path Traversal
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-48267 HIGH This Week

Path traversal vulnerability in ThimPress WP Pipes that allows unauthenticated remote attackers to access files outside restricted directories, potentially causing denial of service or information disclosure. Versions through 1.4.2 are affected. The vulnerability has a high CVSS score of 8.6 due to network accessibility and no authentication requirements, though the impact is limited to availability rather than confidentiality or integrity.

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-48130 HIGH This Week

Path traversal vulnerability in Spice Blocks (a WordPress plugin by spicethemes) affecting versions through 2.0.7.2 that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability has a CVSS score of 7.5 (High) with network-based attack vector, no authentication required, and high confidentiality impact, making it a significant information disclosure risk for WordPress installations using this plugin.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-48124 HIGH This Week

A path traversal vulnerability (CWE-22) in Holest Engineering's Spreadsheet Price Changer for WooCommerce and WP E-commerce - Light plugin allows unauthenticated remote attackers to read arbitrary files from the server by manipulating file path parameters. The vulnerability affects all versions through 2.4.37 and has a CVSS score of 7.5, indicating high confidentiality impact with no authentication required. Real-world exploitability depends on confirmation of active exploitation status and proof-of-concept availability; the low attack complexity and network accessibility suggest this is a genuine, easily-exploitable threat to affected WordPress installations.

WordPress Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47511 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nanbu Welcart e-Commerce allows Path Traversal. This issue affects Welcart e-Commerce: from n/a through 2.11.13.

Path Traversal
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-39475 HIGH This Week

Path Traversal vulnerability enabling PHP Local File Inclusion (LFI) in Frenify Arlo through version 6.0.3. The vulnerability allows unauthenticated remote attackers to read arbitrary files from the server filesystem by manipulating path parameters, potentially exposing sensitive configuration files, source code, and credentials. With a CVSS score of 8.1 and network-accessible attack vector, this vulnerability poses significant risk to confidentiality and integrity; exploitation likelihood and active weaponization status cannot be confirmed from available data, but the straightforward nature of path traversal attacks suggests moderate-to-high real-world exploitation probability.

PHP Path Traversal
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-39473 HIGH This Week

Path traversal vulnerability in WebGeniusLab Seofy Core (versions up to 1.4.5) that allows unauthenticated remote attackers to achieve PHP Local File Inclusion (LFI) with high complexity. The vulnerability enables attackers to read arbitrary files and potentially execute code on affected systems. No public indicators confirm active exploitation or KEV listing at this time, but the high CVSS score (8.1) and remote attack vector indicate significant risk requiring urgent patching.

PHP Path Traversal
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-31635 HIGH This Week

Path traversal vulnerability in LambertGroup CLEVER versions up to 2.6 that allows unauthenticated remote attackers to read arbitrary files from the affected system with high confidentiality impact. The vulnerability requires no user interaction and can be exploited over the network, making it a critical exposure for organizations running vulnerable CLEVER instances. While CVSS 7.5 indicates significant risk, actual exploitation depends on KEV listing status and public POC availability, which should be verified against current threat intelligence feeds.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
EPSS 0% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0.0.

Path Traversal
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RobMarsh Image Shadow allows Path Traversal. This issue affects Image Shadow: from n/a through 1.1.0.

Path Traversal
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerable to Directory Traversal in manage-classes.php.

PHP Path Traversal Pre School Enrollment System
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC This Week

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

Path Traversal D-Link
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.7
HIGH POC This Week

A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation, enabling traversal sequences to escape the intended directory and access sensitive files. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Path Traversal
NVD GitHub
EPSS 19% CVSS 7.5
HIGH POC THREAT Act Now

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/_download_imgage endpoint, where insufficient input validation allows unauthenticated remote attackers to perform directory traversal via crafted POST requests. This enables arbitrary file read on the server, potentially exposing sensitive information such as configuration files and source code. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

PHP Path Traversal Weiphp
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure.

Information Disclosure Path Traversal System Information Reporter
NVD
EPSS 1% CVSS 8.1
HIGH This Week

CVE-2025-6445 is a critical directory traversal vulnerability in ServiceStack's FindType method that allows remote attackers to execute arbitrary code without authentication. The vulnerability stems from insufficient path validation in file operations, enabling attackers to traverse the filesystem and execute malicious code in the context of the affected application process. With a CVSS score of 8.1 and network-based attack vector, this vulnerability poses significant risk to ServiceStack deployments, though exploitation requires application-level interaction with the vulnerable FindType method.

RCE Path Traversal Servicestack
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the `GitHub.repo()` function, the user can provide any string for the `repo_name` field. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on `api.github.com` that were not intended. Users should upgrade immediately to v5.9.1 or later to receive a patch. All prior versions are vulnerable. No known workarounds are available.

Path Traversal
NVD GitHub
EPSS 2% CVSS 9.3
CRITICAL Act Now

The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code.

RCE Path Traversal
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the `GitForge.get_repo` function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on api.github.com that were not intended. Version 0.4.3 contains a patch for the issue. No known workarounds are available.

Path Traversal
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

CVE-2025-39202 is a local privilege escalation vulnerability in MicroSCADA X SYS600's Monitor Pro interface that allows authenticated users with low privileges to read and overwrite arbitrary files, leading to information disclosure and data corruption. The vulnerability affects the SYS600 product line and requires local access with valid credentials; while the CVSS score of 7.3 indicates moderate-to-high severity, real-world exploitability depends on whether this vulnerability has been added to CISA's KEV catalog or has publicly available proof-of-concept code.

Siemens SCADA Information Disclosure +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

SysmonElixir versions prior to 1.0.1 contain a path traversal vulnerability in the /read endpoint that allows unauthenticated remote attackers to read arbitrary files from the server, including sensitive system files like /etc/passwd. The vulnerability was patched in version 1.0.1 by implementing a whitelist restricting file reads to the priv/data directory. This is a high-severity information disclosure issue (CVSS 7.5) with no authentication required and network-accessible attack surface.

Path Traversal Information Disclosure Python
NVD GitHub
EPSS 4% CVSS 10.0
CRITICAL POC Act Now

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-01 UTC.

File Upload RCE Path Traversal
NVD Exploit-DB VulDB
EPSS 12% CVSS 7.5
HIGH POC THREAT Act Now

The Moodle LMS Jmol plugin version 6.1 and earlier contains a path traversal vulnerability in jsmol.php. The query parameter is passed directly to file_get_contents() without validation, allowing unauthenticated attackers to read arbitrary files from the Moodle server including configuration files with database credentials.

PHP Path Traversal Moodle +2
NVD Exploit-DB
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

A path traversal vulnerability in versions 3.9.0-rc3 to (CVSS 10.0) that allows the attacker. Critical severity with potential for significant impact on affected systems.

PHP Path Traversal
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

A path traversal vulnerability (CVSS 7.2) that allows an authenticated attacker with administrative privileges. High severity vulnerability requiring prompt remediation.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

CVE-2025-48026 is a path traversal vulnerability in the WebApl component of Mitel OpenScape Xpressions that allows unauthenticated attackers to read arbitrary files from the underlying operating system due to insufficient input validation. The vulnerability affects OpenScape Xpressions through version V7R1 FR5 HF43 P913, and successful exploitation could expose sensitive information without requiring authentication, elevated privileges, or user interaction. The CVSS 7.5 score reflects the high confidentiality impact, though integrity and availability are not affected.

Path Traversal
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

PHPGurukul Pre-School Enrollment System v1.0 contains a directory traversal vulnerability in the update-teacher-pic.php endpoint that allows unauthenticated remote attackers to read arbitrary files from the server with high confidence. An attacker can exploit this network-accessible vulnerability without any privileges or user interaction to disclose sensitive files, potentially exposing database credentials, configuration files, or other system information. The high CVSS score of 7.5 reflects the ease of exploitation (network-accessible, low complexity, no authentication required) and significant confidentiality impact, though this vulnerability does not permit file modification or denial of service.

PHP Path Traversal Pre School Enrollment System
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

CVE-2025-50348 is a Directory Traversal vulnerability in PHPGurukul Pre-School Enrollment System Project version 1.0, specifically in the update-class-pic.php file. An unauthenticated remote attacker can exploit this vulnerability to read sensitive files from the server, achieving high confidentiality impact without requiring user interaction or special privileges. The vulnerability has a CVSS score of 7.5 (High) with a network-based attack vector and low attack complexity, indicating it is easily exploitable by remote actors; however, exploitation is limited to information disclosure without modification capabilities.

PHP Path Traversal Pre School Enrollment System
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Week

CVE-2025-52922 is a directory traversal vulnerability in Innoshop through version 0.4.1 that allows authenticated administrators to abuse multiple FileManager API endpoints to map the filesystem, create/delete arbitrary directories and files, read sensitive files, and move files anywhere on the server. With a CVSS score of 7.4 and low attack complexity, this represents a significant integrity and confidentiality risk for affected deployments, though exploitation requires valid administrative credentials.

Path Traversal
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. The manipulation of the argument dirName leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Java Path Traversal
NVD GitHub VulDB
EPSS 5% 4.7 CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

WinRAR contains a directory traversal vulnerability (CVE-2025-6218, CVSS 7.8) enabling remote code execution when users extract crafted archives. KEV-listed with EPSS 4.7% and public PoC, this vulnerability allows archive files to write outside the extraction directory, placing malicious files in startup folders or other sensitive locations. Given WinRAR's 500+ million user base, this is a high-impact social engineering vector.

RCE Path Traversal Winrar
NVD
EPSS 2% CVSS 8.5
HIGH POC This Week

CVE-2025-34023 is a path traversal vulnerability in Karel IP1211 IP Phone's web management panel that allows remote authenticated attackers to read arbitrary files from the underlying system via unsanitized input to the /cgi-bin/cgiServer.exx endpoint's page parameter. This vulnerability affects IP phone administrators with network access to the management interface and carries a CVSS 8.5 score reflecting high confidentiality impact. Active exploitation evidence was documented by Shadowserver Foundation on 2025-02-02 UTC, indicating real-world attack activity.

Path Traversal Information Disclosure IoT
NVD Exploit-DB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

CVE-2025-34022 is an unauthenticated path traversal vulnerability in Selea Targa IP OCR-ANPR cameras affecting at least 9 models (iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, Targa 704 ILB). The /common/get_file.php script fails to validate the 'file' parameter, allowing remote attackers to read arbitrary files including system credentials in cleartext. Active exploitation was confirmed by Shadowserver Foundation on 2025-02-02 UTC, indicating this is not theoretical-it is actively weaponized in the wild.

PHP Authentication Bypass Path Traversal +1
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

CVE-2025-45890 is a critical directory traversal vulnerability in Novel Plus before v5.1.0 that allows unauthenticated remote attackers to execute arbitrary code by manipulating the filePath parameter. The vulnerability has a CVSS score of 9.8 (critical severity) with a network-based attack vector requiring no privileges or user interaction. Given the critical CVSS metrics and remote code execution capability, this vulnerability poses an immediate and severe risk to all unpatched Novel Plus installations and warrants emergency patching.

RCE Path Traversal Novel Plus
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL PATCH Act Now

A remote code execution vulnerability (CVSS 9.9) that allows authenticated users. Critical severity with potential for significant impact on affected systems.

RCE Path Traversal Mattermost Server +1
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

A vulnerability was found in xataio Xata Agent up to 0.3.0. It has been classified as problematic. This affects the function GET of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to path traversal. Upgrading to version 0.3.1 is able to address this issue. The patch is named 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc. It is recommended to upgrade the affected component.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function create_upload_file of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The reported GitHub issue was closed automatically with the label "not planned" by a bot.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW Monitor

A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC PATCH Monitor

A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW Monitor

A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit

Path Traversal
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2.

Microsoft Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

Path Traversal Osv Scalibr Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Path traversal vulnerability in Lychee photo-management tool (versions 6.6.6 through 6.6.9) that allows unauthenticated remote attackers to read arbitrary files from the server, including environment variables, configuration secrets, nginx logs, and other users' uploaded images. The vulnerability exists in SecurePathController.php and has a CVSS score of 7.5 (high severity) with straightforward network-based exploitation requiring no authentication or user interaction. A patch is available in version 6.6.10.

PHP Nginx Path Traversal
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits improper link following (symlink/junction attack) to allow a low-privileged local attacker to delete privileged Trend Micro system files without user interaction. This vulnerability carries a CVSS 7.8 high severity rating due to high impact on confidentiality, integrity, and availability; however, real-world exploitability depends on KEV status, EPSS probability data, and proof-of-concept availability, which are not provided in the available intelligence.

Privilege Escalation Trend Micro Path Traversal +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Link following vulnerability (symlink attack) in Trend Micro Deep Security 20.0 agents that enables local privilege escalation on affected systems. An attacker with low-privileged code execution capability can exploit this flaw to gain high-level system access. The vulnerability has a CVSS score of 7.8 with high impact across confidentiality, integrity, and availability; KEV and POC status are not confirmed in available data, but the low attack complexity and low privilege requirement indicate moderate real-world risk once initial code execution is obtained.

Privilege Escalation Trend Micro Path Traversal +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

CVE-2025-49155 is an uncontrolled search path vulnerability in Trend Micro Apex One's Data Loss Prevention (DLP) module that allows unauthenticated remote attackers to inject and execute arbitrary code. The vulnerability requires user interaction (CVSS UI:R) but poses critical risk to organizations deploying Apex One, as successful exploitation grants full system compromise with high confidentiality, integrity, and availability impact (CVSS 8.8). Exploitation likelihood should be assessed against current threat intelligence for active in-the-wild usage.

RCE Trend Micro Code Injection +2
NVD
EPSS 87% 5.9 CVSS 8.8
HIGH POC THREAT Act Now

Sitecore Experience Manager, Platform, and Commerce versions 9.0 through 10.4 contain a Zip Slip vulnerability that allows authenticated attackers to write arbitrary files outside the intended upload directory. By crafting ZIP archives with path traversal entries, attackers can overwrite application files and achieve remote code execution.

RCE Path Traversal Managed Cloud +3
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Path traversal vulnerability in themezaa Litho that allows unauthenticated network attackers to cause a denial of service by accessing files outside the intended directory structure. Affected versions range from an unspecified baseline through version 3.0 of the Litho product. The vulnerability has a high CVSS score of 8.6 with a network attack vector and no authentication requirements, making it easily exploitable by remote attackers.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A Path Traversal vulnerability (CWE-35) exists in the Aeroscroll Gallery WordPress plugin (versions through 1.0.12) that allows unauthenticated remote attackers to access arbitrary files on the server, potentially exposing sensitive configuration files, database credentials, and other confidential data. The vulnerability has a CVSS score of 7.5 (High) with network accessibility and no authentication required, making it a significant information disclosure risk for all installations of affected versions.

Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Path traversal vulnerability in Fastw3b LLC FW Gallery (versions through 8.0.0) that allows unauthenticated remote attackers to cause denial of service by manipulating file path parameters. The vulnerability has a high CVSS score of 8.6 due to its network accessibility and lack of authentication requirements, though impact is limited to availability rather than confidentiality or integrity. Specific KEV status, EPSS scores, and publicly available POC information cannot be confirmed from the provided data, warranting immediate vendor contact for patch availability and exploitation status.

Path Traversal
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service.

Denial Of Service Path Traversal
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Act Now

A privilege escalation vulnerability in A flaw (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Path Traversal
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2025-4365 is an arbitrary file read vulnerability affecting Citrix NetScaler Console and NetScaler SDX (SVM) that allows unauthenticated remote attackers to read sensitive files from affected systems. The vulnerability has a CVSS score of 7.5 (high severity) with a network-accessible attack vector requiring no authentication or user interaction. While specific KEV and EPSS data were not provided in the intelligence sources, the combination of high CVSS, unauthenticated access, and file disclosure capability indicates this requires prompt remediation.

Citrix Information Disclosure Path Traversal +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommended to upgrade the affected component.

Python Path Traversal Python A2a
NVD GitHub VulDB
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component.

Python Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The patch is named 7ba93a10000fb77ee01731478ef40551a27bd5b9. It is recommended to apply a patch to fix this issue.

Path Traversal Browser
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Conda-build versions prior to 25.4.0 are vulnerable to path traversal (Tarslip) attacks that allow unauthenticated remote attackers to write arbitrary files outside intended extraction directories by crafting malicious tar archives with directory traversal sequences. This critical vulnerability (CVSS 9.8) affects all users and systems utilizing conda-build for package compilation, with potential for privilege escalation and code execution depending on target file locations and system permissions.

RCE Privilege Escalation Path Traversal +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A path traversal vulnerability in Liferay Portal 7.0.0 (CVSS 9.8) that allows remote attackers. Critical severity with potential for significant impact on affected systems.

Path Traversal Liferay Portal Digital Experience Platform
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

Path Traversal
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Java Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

File Upload Java Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.

Path Traversal M Files Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

WordPress Path Traversal PHP
NVD
EPSS 4% CVSS 9.1
CRITICAL Act Now

The Image Resizer On The Fly WordPress plugin (versions ≤1.1) contains a critical arbitrary file deletion vulnerability in its 'delete' task that allows unauthenticated attackers to remove arbitrary files from the server without authentication. This vulnerability can facilitate remote code execution by deleting critical files such as wp-config.php, leading to complete WordPress installation compromise. With a CVSS score of 9.1 and network-accessible attack vector requiring no user interaction or privileges, this represents a critical risk to all unpatched installations.

WordPress PHP RCE +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

WordPress Path Traversal PHP
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Critical directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 affecting the /script-api/scripts/ endpoint. An unauthenticated attacker can exploit this flaw over the network with no user interaction required to read and potentially write arbitrary files on the affected system, achieving high confidentiality and integrity impact. The vulnerability has a CVSS score of 9.1 (Critical) with an CVSS vector indicating network-based attack, low complexity, and no privilege requirements.

Path Traversal Cosmos
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 that allows unauthenticated remote attackers to read arbitrary files from the server via the openc3-api/tables endpoint. This high-severity issue (CVSS 7.5) enables confidentiality breaches without requiring authentication or user interaction, potentially exposing sensitive configuration files, credentials, and operational data managed by the COSMOS command and control system.

Path Traversal Cosmos
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component

XSS Path Traversal Solon
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Critical path traversal vulnerability in RICOH Streamline NX V3 PC Client (versions 3.5.0-3.242.0) that allows unauthenticated remote attackers to execute arbitrary code on affected systems by tampering with specific files used by the product. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this vulnerability poses immediate risk to organizations deploying vulnerable versions of the RICOH client software. KEV and EPSS status, POC availability, and active exploitation data are not yet available in public disclosures, but the severity profile (CVSS 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N) suggests high exploitability.

RCE Path Traversal
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Directory traversal vulnerability in the recv_file method that permits authenticated attackers to write arbitrary files to the master cache directory, potentially leading to code execution or system compromise. The vulnerability affects products using vulnerable file reception mechanisms and carries a critical CVSS 9.6 score with network accessibility and low complexity. While specific KEV/EPSS data was not provided in the intelligence briefing, the combination of high CVSS, low attack complexity, and authenticated-but-common access vectors suggests elevated real-world risk.

Path Traversal Salt Suse
NVD GitHub
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.

Path Traversal Debian Ubuntu +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.

Path Traversal Debian Ubuntu +1
NVD GitHub
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

Path Traversal Debian Ubuntu +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Path traversal vulnerability in Google Web Designer's template handling mechanism that enables remote code execution when users are socially engineered into downloading malicious ad templates. Versions prior to 16.3.0.0407 on Windows are affected, and the vulnerability requires user interaction (UI:R) but has no authentication requirements (PR:N). While CVSS 8.8 indicates high severity with complete confidentiality, integrity, and availability impact, exploitation probability and KEV status information is not provided in the available intelligence.

RCE Path Traversal Google +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24), Mendix Studio Pro 11 (All versions < V11.0.0), Mendix Studio Pro 8 (All versions < V8.18.35), Mendix Studio Pro 9 (All versions < V9.24.35). A zip path traversal vulnerability exists in the module installation process of Studio Pro. By crafting a malicious module and distributing it via (for example) the Mendix Marketplace, an attacker could write or modify arbitrary files in directories outside a developer’s project directory upon module installation.

Path Traversal
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows unauthenticated remote attackers to read arbitrary files and gain unauthorized access without user interaction. The CVSS 8.2 score reflects high confidentiality impact and low integrity impact, with network-based attack vector requiring no privileges or interaction. No KEV/CISA active exploitation data, EPSS score, or public POC is currently confirmed in available intelligence, but the unauthenticated remote nature and path traversal primitive warrant immediate patching.

Authentication Bypass Information Disclosure Path Traversal +2
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation vulnerability in IBM AIX 7.3 and IBM VIOS 4.1.1's Perl implementation that allows non-privileged local users to execute arbitrary code through improper pathname neutralization (path traversal). With a CVSS score of 8.4 and no authentication requirement, this represents a critical risk for AIX environments where local user access exists. The vulnerability's active exploitation status and proof-of-concept availability would significantly elevate real-world risk.

RCE IBM Privilege Escalation +3
NVD
EPSS 49% 6.2 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.

Microsoft Windows RCE +16
NVD
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.

Path Traversal Erxes
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.

Path Traversal Erxes
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Week

Path traversal vulnerability in HPE Aruba Networking Private 5G Core APIs that allows authenticated users to iteratively navigate the filesystem and download sensitive system files. The vulnerability affects the Private 5G Core platform with a CVSS score of 7.7 (high severity) due to confidentiality impact across system boundaries. While requiring low-privilege authentication and network access, successful exploitation directly exposes protected system files containing sensitive configuration and credential data.

Path Traversal Information Disclosure
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2025-40662 is an absolute path disclosure vulnerability in DM Corporative CMS that exposes sensitive filesystem information when an attacker requests non-existent files within the webroot/file directory. This high-severity information disclosure (CVSS 7.5) affects DM Corporative CMS users and allows unauthenticated remote attackers to enumerate and discover the absolute filesystem paths of the application, which typically precedes further exploitation. The vulnerability has not been confirmed as actively exploited in the wild (KEV status unknown from provided data), but represents a significant reconnaissance vector with minimal attack complexity.

Information Disclosure Path Traversal Dm Corporative Cms
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.

Path Traversal
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Path traversal vulnerability (CWE-22) in a web application that allows authenticated users with high privileges to write arbitrary files to the system by manipulating file paths. While the CVSS score of 7.2 indicates moderate-to-high severity with high impact to confidentiality, integrity, and availability, the requirement for authenticated high-privilege access (PR:H) significantly constrains real-world exploitability. Active exploitation status, public POC availability, and EPSS score are unknown from the provided data, limiting definitive risk prioritization.

Path Traversal
NVD
EPSS 0% CVSS 7.6
HIGH This Week

SAP NetWeaver Visual Composer contains a directory traversal vulnerability (CWE-22) that allows high-privileged users to bypass path validation controls and read or modify arbitrary files on the system. The vulnerability affects SAP NetWeaver Visual Composer across supported versions and has a CVSS score of 7.6 due to high confidentiality impact and network-accessible attack vector, though exploitation requires high privileges (PR:H). Exploitation likelihood and KEV/POC status cannot be confirmed from available data, but the high-privilege prerequisite significantly reduces real-world exploitability compared to the base CVSS score suggests.

SAP Path Traversal Information Disclosure
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as /etc/passwd, application secrets, or configuration files accessible to the web server (www-data). The vulnerability stems from the way the HAXCMS backend handles the location field in the site's outline. When a user sends a POST request to /system/api/saveOutline, the backend stores the provided location value directly into the site.json file associated with the site, without validating or sanitizing the input. Later the location parameter is interpreted by the CMS to resolve and load the content for a given node. If the location field contains a relative path like `../../../etc/passwd`, the application will attempt to read and render that file. Version 11.0.0 fixes the issue.

PHP Path Traversal Haxcms Php
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Path traversal vulnerability in Mikado-Themes Grill and Chow WordPress themes (versions through 1.6) that enables PHP Local File Inclusion (LFI) attacks. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary files on the affected server, potentially exposing sensitive configuration files, database credentials, and other confidential data. The high CVSS score of 8.1 reflects significant impact on confidentiality and integrity, though exploitation requires higher attack complexity.

PHP Path Traversal
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A Path Traversal vulnerability in Mikado-Themes GrandPrix WordPress theme (versions through 1.6) allows unauthenticated remote attackers to perform PHP Local File Inclusion (LFI) attacks, potentially leading to arbitrary file reading, information disclosure, and remote code execution. The vulnerability has a CVSS score of 8.1 (High) with high impact on confidentiality, integrity, and availability; exploitation requires medium attack complexity but no user interaction or privileges. KEV status and active exploitation data were not provided, but the high CVSS and LFI nature suggest significant real-world risk if POC is publicly available.

PHP Path Traversal
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A Path Traversal vulnerability in Mikado-Themes MediClinic through version 2.1 enables unauthenticated remote attackers to conduct PHP Local File Inclusion (LFI) attacks, potentially allowing arbitrary file reading and code execution. The CVSS 8.1 score reflects high impact across confidentiality, integrity, and availability, though attack complexity is listed as HIGH. No public confirmation of active KEV exploitation or PoC availability is documented in standard feeds, but the high CVSS and LFI vector suggest this should be treated as a credible priority vulnerability.

PHP Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Path traversal vulnerability in ThimPress WP Pipes that allows unauthenticated remote attackers to access files outside restricted directories, potentially causing denial of service or information disclosure. Versions through 1.4.2 are affected. The vulnerability has a high CVSS score of 8.6 due to network accessibility and no authentication requirements, though the impact is limited to availability rather than confidentiality or integrity.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Path traversal vulnerability in Spice Blocks (a WordPress plugin by spicethemes) affecting versions through 2.0.7.2 that allows unauthenticated remote attackers to read arbitrary files from the affected server. The vulnerability has a CVSS score of 7.5 (High) with network-based attack vector, no authentication required, and high confidentiality impact, making it a significant information disclosure risk for WordPress installations using this plugin.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A path traversal vulnerability (CWE-22) in Holest Engineering's Spreadsheet Price Changer for WooCommerce and WP E-commerce - Light plugin allows unauthenticated remote attackers to read arbitrary files from the server by manipulating file path parameters. The vulnerability affects all versions through 2.4.37 and has a CVSS score of 7.5, indicating high confidentiality impact with no authentication required. Real-world exploitability depends on confirmation of active exploitation status and proof-of-concept availability; the low attack complexity and network accessibility suggest this is a genuine, easily-exploitable threat to affected WordPress installations.

WordPress Path Traversal
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nanbu Welcart e-Commerce allows Path Traversal. This issue affects Welcart e-Commerce: from n/a through 2.11.13.

Path Traversal
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Path Traversal vulnerability enabling PHP Local File Inclusion (LFI) in Frenify Arlo through version 6.0.3. The vulnerability allows unauthenticated remote attackers to read arbitrary files from the server filesystem by manipulating path parameters, potentially exposing sensitive configuration files, source code, and credentials. With a CVSS score of 8.1 and network-accessible attack vector, this vulnerability poses significant risk to confidentiality and integrity; exploitation likelihood and active weaponization status cannot be confirmed from available data, but the straightforward nature of path traversal attacks suggests moderate-to-high real-world exploitation probability.

PHP Path Traversal
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Path traversal vulnerability in WebGeniusLab Seofy Core (versions up to 1.4.5) that allows unauthenticated remote attackers to achieve PHP Local File Inclusion (LFI) with high complexity. The vulnerability enables attackers to read arbitrary files and potentially execute code on affected systems. No public indicators confirm active exploitation or KEV listing at this time, but the high CVSS score (8.1) and remote attack vector indicate significant risk requiring urgent patching.

PHP Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Path traversal vulnerability in LambertGroup CLEVER versions up to 2.6 that allows unauthenticated remote attackers to read arbitrary files from the affected system with high confidentiality impact. The vulnerability requires no user interaction and can be exploited over the network, making it a critical exposure for organizations running vulnerable CLEVER instances. While CVSS 7.5 indicates significant risk, actual exploitation depends on KEV listing status and public POC availability, which should be verified against current threat intelligence feeds.

Path Traversal
NVD
Prev Page 26 of 86 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy