Skip to main content

Path Traversal

7734 CVEs technique

Monthly

CVE-2025-4720 MEDIUM POC This Month

A vulnerability was found in SourceCodester Student Result Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Student Result Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-47788 CRITICAL This Week

Atheos is a self-hosted browser-based cloud IDE. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD GitHub
CVSS 4.0
9.4
EPSS
0.6%
CVE-2024-8031 MEDIUM POC This Week

The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP Path Traversal Secure Downloads
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2025-4564 CRITICAL Act Now

The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP RCE Path Traversal
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2024-13914 HIGH This Month

The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-47445 HIGH POC This Week

Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal.0.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
8.8%
CVE-2025-43566 MEDIUM This Month

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Coldfusion
NVD
CVSS 3.1
6.8
EPSS
2.4%
CVE-2025-30387 CRITICAL This Week

Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Azure Ai Document Intelligence Studio
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2025-21264 HIGH This Week

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Visual Studio Code
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2025-31493 PHP MEDIUM PATCH This Month

Kirby is an open-source content management system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Kirby
NVD GitHub
CVSS 4.0
6.3
EPSS
0.8%
CVE-2025-30207 PHP LOW PATCH Monitor

Kirby is an open-source content management system. Rated low severity (CVSS 2.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nginx Apache PHP Path Traversal Kirby
NVD GitHub
CVSS 4.0
2.3
EPSS
0.6%
CVE-2025-28055 HIGH POC This Month

upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Upset Gal Web
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48766 HIGH POC THREAT Act Now

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.0%.

PHP Path Traversal Netalertx
NVD
CVSS 3.1
8.6
EPSS
75.0%
Threat
5.5
CVE-2025-30159 PHP MEDIUM POC PATCH This Month

Kirby is an open-source content management system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Kirby
NVD GitHub
CVSS 4.0
6.3
EPSS
0.9%
CVE-2025-22859 MEDIUM This Month

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Forticlientems Forticlientems Cloud Fortinet
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-40573 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
6.7
EPSS
0.1%
CVE-2025-4632 CRITICAL POC KEV PATCH THREAT Act Now

Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary files as SYSTEM authority, enabling complete server compromise.

Samsung Path Traversal Magicinfo 9 Server
NVD
CVSS 3.1
9.8
EPSS
49.2%
Threat
6.4
CVE-2024-4982 HIGH POC PATCH This Week

A directory traversal vulnerability was discovered in Pagure server. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Pagure Suse
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-4981 HIGH POC PATCH This Week

A vulnerability was discovered in Pagure server. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Path Traversal Pagure Suse
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2025-4545 MEDIUM POC This Month

A vulnerability was found in CTCMS Content Management System 2.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Ctcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-4530 MEDIUM This Month

A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-4529 MEDIUM This Month

A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Oa Web Application System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-4511 MEDIUM POC This Month

A vulnerability was found in vector4wang spring-boot-quick up to 20250422. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-2158 HIGH This Week

The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE WordPress Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-4206 HIGH This Month

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner - Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
5.7%
CVE-2025-3897 MEDIUM This Month

The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Path Traversal PHP
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2025-4377 HIGH This Week

Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD
CVSS 4.0
8.3
EPSS
0.6%
CVE-2025-44021 PyPI LOW PATCH Monitor

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). Rated low severity (CVSS 2.8). No vendor patch available.

Path Traversal
NVD
CVSS 3.1
2.8
EPSS
0.1%
CVE-2024-6648 HIGH This Week

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ap Pagebuilder
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-47423 MEDIUM POC This Month

Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD GitHub
CVSS 3.1
5.8
EPSS
0.9%
CVE-2025-32820 HIGH This Week

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sma 100 Firmware Sma 200 Firmware Sma 210 Firmware Sma 400 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2025-32819 HIGH POC This Week

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Sma 100 Firmware Sma 200 Firmware Sma 210 Firmware +3
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-20188 CRITICAL POC CERT-EU Act Now

A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Apple Authentication Bypass File Upload Path Traversal +1
NVD
CVSS 3.1
10.0
EPSS
3.9%
CVE-2025-20187 MEDIUM This Month

A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Catalyst Sd Wan Manager
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2025-47649 HIGH This Week

Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion.9.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-47636 HIGH This Week

Path Traversal vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.91.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-20949 MEDIUM This Month

Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Path Traversal Members
NVD
CVSS 3.1
5.1
EPSS
0.6%
CVE-2025-22479 LOW Monitor

Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Path Traversal Storage Manager
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-4329 MEDIUM POC This Month

A vulnerability was found in 74CMS up to 3.33.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal 74Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-46559 MEDIUM POC PATCH This Month

Misskey is an open source, federated social media platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. Public exploit code available.

Path Traversal Misskey
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-45239 MEDIUM POC This Month

An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Foxcms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-45238 CRITICAL POC Act Now

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Foxcms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2024-11615 MEDIUM This Month

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetra_deleteLanguageFile' and 'zetra_deleteFontsFile' functions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
CVSS 3.1
5.3
EPSS
4.0%
CVE-2025-27920 HIGH KEV THREAT Act Now

Output Messenger before 2.0.63 contains a directory traversal vulnerability enabling attackers to access files outside the intended directory through path manipulation in parameters.

Path Traversal Output Messenger
NVD
CVSS 3.1
7.2
EPSS
52.0%
CVE-2024-55913 MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Concert
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-4186 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 2024. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4185 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Wangshen SecGate 3600 2024. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-4178 MEDIUM POC This Month

A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical.java of the component File Upload API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal File Upload Java Java Server +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-4175 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-32011 CRITICAL Act Now

KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal
NVD
CVSS 4.0
9.3
EPSS
2.4%
CVE-2025-46565 npm MEDIUM POC PATCH This Month

Vite is a frontend tooling framework for javascript. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Vite Red Hat
NVD GitHub
CVSS 4.0
6.0
EPSS
1.5%
CVE-2025-27409 HIGH POC PATCH This Week

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Joplin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-4078 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.3
EPSS
1.8%
CVE-2025-2817 HIGH PATCH This Week

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Mozilla
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-27937 HIGH This Week

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-26692 CRITICAL Act Now

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Path Traversal Windows
NVD
CVSS 4.0
9.2
EPSS
0.6%
CVE-2025-28354 MEDIUM This Month

An issue in the Printer Manager Systm of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-1565 HIGH This Week

The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remote_dl.php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2025-46439 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central allows Path Traversal.5.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-3300 HIGH This Week

The WPMasterToolKit (WPMTK) - All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2025-3065 CRITICAL Act Now

The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE Path Traversal
NVD
CVSS 3.1
9.1
EPSS
4.4%
CVE-2025-43716 MEDIUM This Month

A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Authentication Bypass Ivanti
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-43946 CRITICAL POC Act Now

TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal File Upload Ddi
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2025-32950 Maven MEDIUM PATCH This Month

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Jmix Framework
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-34028 CRITICAL POC KEV THREAT Emergency

Commvault Command Center Innovation Release allows unauthenticated remote code execution through path traversal in ZIP file upload handling, enabling malicious JSP deployment on the server.

RCE Path Traversal Commvault
NVD GitHub
CVSS 4.0
9.3
EPSS
63.2%
Threat
6.8
CVE-2025-23250 HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Path Traversal Nemo
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-40445 HIGH This Week

A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Path Traversal Mimetex Windows
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-3577 MEDIUM POC This Month

**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Path Traversal Amg1302 T10B Firmware
NVD GitHub
CVSS 3.1
4.9
EPSS
2.8%
CVE-2025-28099 MEDIUM POC This Month

opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Opencms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2025-32431 Go HIGH PATCH This Week

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Traefik Suse
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
CVE-2025-28367 MEDIUM POC THREAT This Month

mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 12.7%.

Authentication Bypass Path Traversal Mojoportal
NVD GitHub
CVSS 3.1
6.5
EPSS
12.7%
CVE-2025-29660 CRITICAL POC Act Now

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Xy 3820 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-0632 CRITICAL Act Now

Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Path Traversal
NVD
CVSS 4.0
9.2
EPSS
2.6%
CVE-2025-43928 MEDIUM POC This Month

In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pmrs 102 Firmware
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-43919 MEDIUM POC PATCH This Month

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mailman Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-3404 HIGH This Week

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE Path Traversal
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2025-39470 HIGH This Week

Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.6.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Path Traversal
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-3520 HIGH This Week

The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE Path Traversal
NVD
CVSS 3.1
8.1
EPSS
4.9%
CVE-2025-39568 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-27299 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Asia MyTicket Events allows Path Traversal.2.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-27283 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in rockgod100 Theme File Duplicator allows Path Traversal.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-3295 MEDIUM PATCH This Month

The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Wp Editor PHP
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2025-3294 HIGH PATCH This Week

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress RCE Path Traversal Wp Editor PHP
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2025-28072 HIGH POC This Week

PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Pre School Enrollment System
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2025-39598 MEDIUM This Month

Path Traversal vulnerability in Quý Lê 91 Administrator Z allows Path Traversal.03.28. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2025-39544 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Path Traversal.18. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-1982 HIGH This Week

Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file using the file:// protocol thus allowing the attacker to read content. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-3686 MEDIUM POC This Month

A vulnerability classified as problematic was found in misstt123 oasys 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Oasys
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2025-30966 MEDIUM This Month

Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2025-29213 MEDIUM POC This Month

A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Java Jeewms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in SourceCodester Student Result Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Student Result Management System
NVD GitHub VulDB
EPSS 1% CVSS 9.4
CRITICAL This Week

Atheos is a self-hosted browser-based cloud IDE. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Week

The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP +2
NVD WPScan
EPSS 4% CVSS 9.8
CRITICAL Act Now

The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP RCE +1
NVD
EPSS 1% CVSS 7.2
HIGH This Month

The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure RCE +1
NVD
EPSS 9% CVSS 7.5
HIGH POC This Week

Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal.0.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Coldfusion
NVD
EPSS 3% CVSS 9.8
CRITICAL This Week

Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Azure Ai Document Intelligence Studio
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Visual Studio Code
NVD
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

Kirby is an open-source content management system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Kirby
NVD GitHub
EPSS 1% CVSS 2.3
LOW PATCH Monitor

Kirby is an open-source content management system. Rated low severity (CVSS 2.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nginx Apache PHP +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Month

upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Upset Gal Web
NVD GitHub
EPSS 75% 5.5 CVSS 8.6
HIGH POC THREAT Act Now

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.0%.

PHP Path Traversal Netalertx
NVD
EPSS 1% CVSS 6.3
MEDIUM POC PATCH This Month

Kirby is an open-source content management system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Kirby
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Forticlientems Forticlientems Cloud +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Siemens Scalance Lpe9403 Firmware
NVD
EPSS 49% 6.4 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary files as SYSTEM authority, enabling complete server compromise.

Samsung Path Traversal Magicinfo 9 Server
NVD
EPSS 0% CVSS 7.6
HIGH POC PATCH This Week

A directory traversal vulnerability was discovered in Pagure server. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Pagure Suse
NVD
EPSS 0% CVSS 7.6
HIGH POC PATCH This Week

A vulnerability was discovered in Pagure server. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Path Traversal Pagure +1
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in CTCMS Content Management System 2.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Ctcms
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Oa Web Application System
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in vector4wang spring-boot-quick up to 20250422. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE +2
NVD
EPSS 6% CVSS 7.2
HIGH This Month

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner - Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Path Traversal PHP
NVD
EPSS 1% CVSS 8.3
HIGH This Week

Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD
EPSS 0% CVSS 2.8
LOW PATCH Monitor

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). Rated low severity (CVSS 2.8). No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ap Pagebuilder
NVD
EPSS 1% CVSS 5.8
MEDIUM POC This Month

Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sma 100 Firmware Sma 200 Firmware +4
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Sma 100 Firmware +5
NVD
EPSS 4% CVSS 10.0
CRITICAL POC Act Now

A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Apple Authentication Bypass +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Catalyst Sd Wan Manager
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion.9.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Path Traversal vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.91.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Path Traversal
NVD
EPSS 1% CVSS 5.1
MEDIUM This Month

Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Path Traversal Members
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Path Traversal Storage Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in 74CMS up to 3.33.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal 74Cms
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Misskey is an open source, federated social media platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. Public exploit code available.

Path Traversal Misskey
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Foxcms
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Foxcms
NVD GitHub
EPSS 4% CVSS 5.3
MEDIUM This Month

The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetra_deleteLanguageFile' and 'zetra_deleteFontsFile' functions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
EPSS 52% CVSS 7.2
HIGH KEV THREAT Act Now

Output Messenger before 2.0.63 contains a directory traversal vulnerability enabling attackers to access files outside the intended directory through path manipulation in parameters.

Path Traversal Output Messenger
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Concert
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 2024. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Wangshen SecGate 3600 2024. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical.java of the component File Upload API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal File Upload +3
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java
NVD GitHub VulDB
EPSS 2% CVSS 9.3
CRITICAL Act Now

KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get access due to a path traversal. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal
NVD
EPSS 1% CVSS 6.0
MEDIUM POC PATCH This Month

Vite is a frontend tooling framework for javascript. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Vite Red Hat
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Joplin
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Mozilla
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 1% CVSS 9.2
CRITICAL Act Now

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Path Traversal +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue in the Printer Manager Systm of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remote_dl.php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Plugin Central allows Path Traversal.5.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The WPMasterToolKit (WPMTK) - All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
EPSS 4% CVSS 9.1
CRITICAL Act Now

The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE Path Traversal
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Authentication Bypass +1
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal File Upload +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Jmix Framework
NVD GitHub
EPSS 63% 6.8 CVSS 9.3
CRITICAL POC KEV THREAT Emergency

Commvault Command Center Innovation Release allows unauthenticated remote code execution through path traversal in ZIP file upload handling, enabling malicious JSP deployment on the server.

RCE Path Traversal Commvault
NVD GitHub
EPSS 0% CVSS 7.6
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia RCE Path Traversal +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Command Injection Path Traversal +2
NVD GitHub
EPSS 3% CVSS 4.9
MEDIUM POC This Month

**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Path Traversal Amg1302 T10B Firmware
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Opencms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Traefik Suse
NVD GitHub
EPSS 13% CVSS 6.5
MEDIUM POC THREAT This Month

mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 12.7%.

Authentication Bypass Path Traversal Mojoportal
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Xy 3820 Firmware
NVD GitHub
EPSS 3% CVSS 9.2
CRITICAL Act Now

Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Path Traversal
NVD
EPSS 0% CVSS 5.8
MEDIUM POC This Month

In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pmrs 102 Firmware
NVD
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mailman Suse
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.6.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Path Traversal
NVD
EPSS 5% CVSS 8.1
HIGH This Week

The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arture B.V. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Asia MyTicket Events allows Path Traversal.2.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in rockgod100 Theme File Duplicator allows Path Traversal.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Wp Editor +1
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress RCE Path Traversal +2
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Pre School Enrollment System
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Path Traversal vulnerability in Quý Lê 91 Administrator Z allows Path Traversal.03.28. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Path Traversal.18. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file using the file:// protocol thus allowing the attacker to read content. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as problematic was found in misstt123 oasys 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Oasys
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Java +1
NVD GitHub
Prev Page 28 of 86 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy