Path Traversal
Monthly
Path traversal in QNAP QTS and QuTS hero NAS operating systems exposes arbitrary file contents to attackers who have already obtained administrator-level access. The root cause (CWE-22) indicates insufficient sanitization of file path inputs, allowing directory escape to reach files outside intended scope. No public exploit code has been identified at time of analysis, and CISA KEV lists no active exploitation - making this a targeted post-compromise risk rather than an opportunistic mass-exploitation scenario. Vendor-released patches address all affected branches as of May 2026.
Path traversal in QNAP License Center (versions 1.9.0 through 1.9.55) permits a high-privileged attacker with an administrator account to read arbitrary files or system data outside the intended directory scope. The CVSS 4.0 vector (AV:N/PR:H) indicates network-reachable exploitation contingent on first obtaining administrative credentials. No public exploit code or active exploitation has been identified at time of analysis; a vendor-released patch is available in version 1.9.56.
Path traversal in Adobe CAI Content Credentials SDK (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) permits arbitrary file writes outside the intended extraction directory when a victim opens a maliciously crafted C2PA content credentials file. The CVSS vector confirms a local attack surface (AV:L) with high integrity impact (I:H) and no confidentiality or availability impact, meaning an attacker's primary capability is unauthorized file placement on the target filesystem. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.
Security feature bypass in Adobe ColdFusion 2023 (through Update 19) and ColdFusion 2025 (through Update 8) allows remote attackers to read files outside intended directories via a path traversal flaw, with a scope change that extends impact beyond the vulnerable component. Exploitation requires the victim to open a malicious file, and no public exploit identified at time of analysis; EPSS is low (0.02%) but CVSS is 9.6 due to the scope change and high CIA impact.
Hermes WebUI's SSH/remote terminal workspace resolver exposes local server files to authenticated low-privilege attackers by accepting system directories as trusted workspace roots. The flaw in `_remote_terminal_workspace_candidate()` (`api/workspace.py`) causes an early return that bypasses the `_is_blocked_workspace_path()` guard, allowing an attacker-configured remote terminal working directory (e.g., `/etc`) to be registered as a trusted workspace - after which workspace file-read helpers treat it as a local path and return host file contents. No public exploit has been identified at time of analysis, but the CVSS 4.0 vector scores SC:H (high subsequent-system confidentiality impact), confirming meaningful server-side file disclosure potential.
Relative path traversal in Visual Studio Code versions prior to 1.123.1 enables unauthenticated remote attackers to tamper with files outside the intended directory boundary, producing a high integrity impact with no confidentiality or availability loss. The CVSS vector (AV:N/AC:L/PR:N/UI:R) indicates the attack requires no privileges and is low-complexity over a network, but depends on a victim interacting with attacker-controlled content. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.
Security feature bypass via path traversal in GitHub Copilot and Visual Studio Code allows a local unauthorized attacker to escape a restricted directory and reach files or resources that should be inaccessible. The flaw is tracked under CWE-22 with a CVSS 3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N) reflecting high confidentiality, integrity, and availability impact from local exploitation. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Path traversal in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables an authenticated low-privileged attacker to execute code over a network by escaping the intended directory scope. Affected builds span all three actively maintained SharePoint Server product lines, with vendor-confirmed patches available for each. No public exploit code has been identified at time of analysis, and this CVE is not currently listed in the CISA KEV catalog; however, the low attack complexity (AC:L) and no user interaction requirement (UI:N) make it a credible target for exploitation once an attacker has any valid SharePoint credential.
Local privilege escalation and code execution in Microsoft Azure Kubernetes Service (AKS) is possible via a path traversal flaw (CWE-22) that allows an authorized attacker on the local system to break out of restricted directory boundaries and execute code with elevated privileges. The CVSS 3.1 score of 8.8 reflects the scope change (S:C) where exploitation impacts resources beyond the vulnerable component, enabling full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis.
Local privilege escalation in Omnissa Workspace ONE Assist for macOS allows an authenticated local user with low privileges to escalate to higher privileges through a path traversal weakness (CWE-22). The flaw carries a CVSS 7.8 (High) rating with full confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. The vulnerability is tracked under Omnissa advisory OMSA-2026-0001 and is specific to the macOS build of the Assist remote-support agent.
Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information disclosure in TYPO3 CMS allows authenticated backend users with file download permissions to retrieve arbitrary files from the server's document root via the Media Module's File Abstraction Layer (FAL) fallback storage. Affected branches span versions 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30, and 14.0.0-14.3.2, with no public exploit identified at time of analysis. The flaw exposes sensitive files such as logs, .htpasswd, and configuration material that would normally sit outside the managed file storage.
Path traversal in TYPO3 CMS's GeneralUtility::isAllowedAbsPath() allows authenticated administrator-level users to define File Abstraction Layer (FAL) storage roots that resolve to directories outside the project root. Affected versions span all active TYPO3 branches: before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31, and 14.0.0-14.3.3. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; the CVSS 4.0 score of 2.1 reflects the severe privilege and prerequisite constraints that substantially limit real-world impact.
Path traversal in awxkit's YAML !include directive exposes arbitrary local files when a user imports a crafted YAML file via the AWX CLI. Affecting Red Hat Ansible Automation Platform 2, the vulnerability (CWE-22) allows an unauthenticated attacker who can deliver a malicious YAML file to a victim to read arbitrary YAML-formatted files from that user's local filesystem - including potentially sensitive configuration, credential, or key material files - without any write or execution capability. No public exploit identified at time of analysis; CVSS 4.7 reflects the real-world constraints of local attack vector, high complexity, and mandatory user interaction.
Path traversal in Siemens SINEC INS versions prior to V1.0 SP2 Update 6 exposes arbitrary file system locations via the SFTP directory listing endpoint. An authenticated low-privileged network attacker can send a crafted path to GET /api/sftp/uploadFiles to read files outside the intended directory scope, resulting in unauthorized disclosure of file system contents. No active exploitation or public proof-of-concept has been identified at time of analysis; the impact is limited to confidentiality with no integrity or availability consequence.
Path traversal in Apache Airflow's Samba provider exposes Samba target file systems to arbitrary write operations when GCSToSambaOperator processes GCS object names containing directory traversal sequences. Disclosed on 2026-06-09 via the oss-security mailing list by Apache committer Jarek Potiuk as a pre-NVD disclosure, the vulnerability enables any party who can influence GCS object names in the source bucket to write files outside the intended destination directory on the Samba share. No public exploit code has been identified at time of analysis, and CVSS scoring is not yet available.
Path traversal in the HarmonyOS SMS application allows unauthenticated remote attackers to impact integrity and availability on affected Huawei devices. Exploitation requires user interaction - a victim must engage with a crafted message - but no privileges or special authentication are needed from the attacker's side, lowering the barrier to reach a target. No public exploit or CISA KEV listing exists at time of analysis; this appears to be a vendor-disclosed issue patched in the June 2026 Huawei security bulletin.
Path traversal in Spring Framework's static resource resolution exposes arbitrary server files to unauthenticated remote attackers across both Spring MVC and Spring WebFlux stacks. Four major release lines - 5.3.x, 6.1.x, 6.2.x, and 7.0.x - are affected, making this a broad-surface issue for the Java ecosystem. The CVSS vector confirms unauthenticated network access with high confidentiality impact, though the AC:H designation indicates non-trivial exploit conditions; no public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
Local File Inclusion in the Recover Exit For WooCommerce WordPress plugin (versions up to and including 1.0.3) allows remote unauthenticated attackers to include arbitrary local PHP files via the unsanitized `tpf` POST parameter passed to `include()` in the `recover_exit()` function. Successful exploitation can disclose sensitive files such as `wp-config.php` and, when combined with file upload primitives or log poisoning, escalate to remote code execution. No public exploit identified at time of analysis, though the vulnerable sink is documented in the plugin source on plugins.trac.wordpress.org.
Path traversal in SAP NetWeaver Application Server Java's Web Container allows unauthenticated remote attackers to manipulate file inclusion parameters within crafted HTTP logon requests, leading to inclusion and processing of arbitrary local files. Successful exploitation can expose or modify sensitive data and render portions of the server unavailable, with no public exploit identified at time of analysis but a CVSS of 9.0 reflecting full CIA impact with scope change.
{file} endpoint, which fails to restrict path traversal sequences in the file parameter. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication, no privileges, and no user interaction from a network position. No public exploit identified at time of analysis, and the EPSS score of 0.12% (30th percentile) reflects low observed exploitation probability, though the no-auth attack surface warrants attention for publicly exposed deployments.
Remote code execution in BookCars v8.3 is achievable by authenticated attackers who abuse a path traversal flaw in the /api/create-user endpoint to rename and relocate files from temporary storage to attacker-chosen filesystem paths. The flaw is tagged as Authentication Bypass, Path Traversal, and RCE, and a public write-up exists in a third-party GitHub repository, though it is not listed in CISA KEV and EPSS is low at 0.17% (38th percentile).
Authenticated arbitrary local file read in Basekick Labs Arc analytics platform allows any token holder - even one with an empty permissions array - to exfiltrate sensitive host files (auth.db bcrypt hashes, arc.toml S3/TLS secrets, /proc/self/environ) and pivot to SSRF against cloud metadata endpoints by abusing unblocked DuckDB I/O functions in the SELECT clause. The flaw stems from an incomplete regex denylist in internal/api/query.go that filtered only read_parquet and arc_partition_agg while leaving the wider DuckDB I/O family (read_csv_auto, read_json, read_text, read_blob, glob, parquet_metadata, read_xlsx, etc.) and SELECT-list scalar table functions unguarded. No public exploit identified at time of analysis, but the GHSA advisory ships a working single-request proof-of-concept and the fix is shipped in Arc 2026.06.1.
Path traversal in Dulwich's porcelain.format_patch function allows patch files to be written outside the intended output directory by processing commits with malicious subject lines. Any service passing untrusted commits to dulwich.porcelain.format_patch(outdir=...) - such as CI pipelines, PR review platforms, or developer tooling processing third-party repositories - is affected in versions 0.24.0 through 1.2.4. No public exploit identified at time of analysis and no CISA KEV listing, but the attack pattern is trivially reproducible from the advisory description alone; exploitation requires no special tooling beyond crafting a commit with a subject like 'x/../../target'.
Authorization bypass in Headplane (the web UI for Headscale) prior to 0.6.3 and 0.7.0-beta.3 allows authenticated low-privilege users to escape the intended Headscale API endpoint via path traversal sequences embedded in node and user rename values. By smuggling traversal payloads through un-encoded URL path segments, an attacker can reach arbitrary Headscale API operations, breaking the RBAC model and impacting integrity and availability of the tailnet. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Path traversal in OpenBullet2 through 0.3.2 lets authenticated attackers read, write, and delete arbitrary files via the wordlist endpoint, escalating to remote code execution by tampering with system files like /etc/passwd. Because the application runs as root by default, successful exploitation yields full system compromise. Publicly available exploit code exists (VulnCheck advisory and HackerNoon write-up), though there is no public exploit identified at time of analysis indicating CISA KEV listing.
Authentication bypass in AdGuard Home prior to v0.107.77 allows unauthenticated remote attackers to gain full admin access when the binary is launched with the --glinet flag, by injecting a path traversal sequence into the Admin-Token cookie. The flaw lives in the authglinet middleware, which concatenates the cookie value into a file path without sanitization, letting attackers redirect token reads to arbitrary files. No public exploit identified at time of analysis, but the vendor advisory and a community-disclosed root cause make weaponization straightforward.
Path traversal in NLnet Labs Routinator allows remote attackers to escape the rsync cache directory by supplying rsync URIs whose module component contains '..' sequences, enabling read/write access across the entire Routinator rsync cache filesystem. The flaw is network-reachable and requires no authentication, and no public exploit identified at time of analysis. CVSS 4.0 of 8.3 reflects high integrity and availability impact with an attack requirement (AT:P) reducing it from critical.
Arbitrary file read in Bagisto v2.4.1 allows unauthenticated remote attackers to retrieve sensitive files outside the web root by injecting path traversal sequences into the filename parameter of the ImageCacheController. The CVSS 4.0 base score of 8.7 reflects network-reachable, no-privilege, no-interaction exploitation with high confidentiality impact, and no public exploit identified at time of analysis.
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path traversal in hsweb-framework up to version 5.0.1 allows authenticated remote attackers to write files outside the intended upload directory by manipulating the filename argument in the file upload component. The root cause is insufficient sanitization of path sequences — including URL-encoded variants (`..%2F`) and Windows-style backslashes (`..\`) — in the `denied` function of `FileUploadProperties.java`. A public exploit has been disclosed via GitHub issue #344, and a patch commit is available; no KEV listing indicates opportunistic rather than confirmed mass exploitation.
Path traversal in jishenghua jshERP up to version 3.6 allows authenticated remote attackers to manipulate the `fileName` argument at the `addAccountHeadAndDetail` endpoint, producing limited but confirmed integrity and availability impacts (I:L/A:L). The vulnerability is in `AccountHeadService.java` within the Java ERP application, and a proof-of-concept exploit has been publicly disclosed via the project's GitHub issue tracker. The vendor had not responded to the responsible disclosure at time of reporting, and no patch is available.
Path traversal in iAI Lab PDF AI App 4.21.0 on Android allows a local low-privileged attacker to manipulate the `_display_name` argument within the `getExternalCacheDir` function of the `chatpdf.pro` component, enabling unauthorized file system access outside the intended cache directory. The CVSS 4.0 score of 1.9 reflects the strictly local attack surface and limited integrity and availability impact with no confidentiality breach. A public proof-of-concept exploit has been released; the vendor was contacted prior to disclosure and did not respond, leaving the vulnerability unpatched.
Path traversal in the Quick Playground WordPress plugin (versions ≤ 1.3.4) exposes arbitrary server files to authenticated administrators. The flaw exists in client-qckply_data.php where the qckply_data() function forwards a user-supplied filename POST parameter directly into file_get_contents() without sanitization, enabling traversal sequences to escape the webroot and reach files such as wp-config.php or /etc/passwd. No public exploit exists and the vulnerability is not listed in the CISA KEV catalog, but exploitation would yield database credentials and other secrets with high confidentiality impact.
Directory traversal in the LearnPress - Backup & Migration Tool plugin for WordPress (all versions through 4.1.4) allows authenticated administrators to read arbitrary files on the underlying server by supplying path traversal sequences via the 'import-user-file' parameter. Exploitation exposes highly sensitive server-side content - including wp-config.php database credentials, private keys, or system files - despite requiring high-privilege access. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV. The CVSS score of 4.9 reflects the high privilege barrier (PR:H), but the C:H confidentiality impact makes successful exploitation consequential.
Directory traversal in the Smart Slider 3 WordPress plugin (all versions ≤ 3.5.1.36) exposes arbitrary server-side files to authenticated administrators via the replaceHTMLImage function in the plugin's slider export/backup subsystem. An attacker with administrator-level WordPress access can craft a request that traverses outside the intended directory and return the raw contents of sensitive files such as wp-config.php. No public exploit or CISA KEV listing exists at time of analysis, and the high privilege requirement (CVSS PR:H) substantially limits the realistic attack surface to insider threats, compromised admin accounts, or privilege-escalation chains.
Local File Inclusion in the WP User Manager WordPress plugin (versions through 2.9.17) allows unauthenticated remote attackers to include and execute arbitrary .php files on the server via the profile tab query parameter. The flaw stems from missing validation of the tab value before it is passed to the profile template loader, enabling path traversal to any PHP file the web server can read. No public exploit is identified at time of analysis, and the issue is not listed in CISA KEV, but POC behavior is effectively documented in the upstream fix's traversal test cases.
Path traversal in MoviePilot's AliPan, U115, Rclone, and SMB cloud storage download handlers allows an attacker who controls remote filenames to write files outside the configured download directory. The flaw stems from unsanitized concatenation of filenames returned by remote cloud APIs, enabling overwrite of configuration files, plugins, or other files accessible to the application process. No public exploit identified at time of analysis, but a vendor patch is available via upstream commit a0b3800.
Authenticated path traversal in Altium Enterprise Server (before 8.1.1) and Altium 365 lets a low-privileged user read arbitrary files - including service configuration and credential material - via a crafted path parameter to the Projects Service download endpoint. No public exploit is identified at time of analysis, but the flaw is chainable with CVE-2026-11424 to reach the cloud-side endpoint, and on multi-tenant Altium 365 deployments the leaked credentials could be shared across services, sharply amplifying blast radius.
Remote code execution in Altium Enterprise Server (versions prior to 8.1.1) and Altium 365 arises from a path traversal flaw in the shared Git Service component, which processes post-clone file-manipulation operations using user-supplied paths without validation. An authenticated user with basic git permissions can move arbitrary files outside the repository area, drop attacker-controlled scripts into directories the service later executes, and on multi-tenant Altium 365 infrastructure could have reached data belonging to other tenants on the same node. No public exploit identified at time of analysis, and EPSS sits at 0.44% (63rd percentile).
Unauthenticated arbitrary file write and read in the Network Installation Service (NIS) component of Altium Enterprise Server enables remote attackers to overwrite binaries or configuration, drop content into web-accessible directories, and exfiltrate package archives - escalating to remote code execution as the service account. The CVSS 4.0 score of 10.0 (AV:N/AC:L/PR:N/UI:N with high impact across confidentiality, integrity, availability and scope) reflects a worst-case unauthenticated network primitive. No public exploit identified at time of analysis, and Altium 365 cloud deployments are explicitly out of scope.
Arbitrary file write in the Altium Enterprise Server Vault Service allows authenticated users to escape the configured storage root via the UploadController image upload endpoint and place content-controlled files anywhere the service account can write. The flaw (CVSS 4.0 base 9.4, CWE-22) escalates to remote code execution, service takeover, or denial of service by overwriting application binaries, configuration files, or dropping payloads in web-accessible directories. No public exploit identified at time of analysis, and Altium 365 cloud deployments are explicitly out of scope.
Arbitrary file read in Altium Enterprise Server Collaboration Service (versions prior to 8.1.1) allows an authenticated low-privileged user to traverse the server filesystem via crafted filenames in MCAD and Simulation download flows. Because retrievable files include the master configuration holding privileged credentials, the bug escalates to full administrative takeover of the on-premises server. No public exploit identified at time of analysis, and Altium 365 cloud tenants are explicitly out of scope.
Local File Inclusion in HAX CMS's saveOutline endpoint allows an authenticated low-privileged user to read arbitrary files on the server by injecting path traversal sequences into the location field written to site.json. Both the PHP and NodeJS backend variants (haxtheweb/haxcms-php and haxtheweb/haxcms-nodejs) are affected across all versions prior to 26.0.0. There is no public exploit identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog, though the confidentiality impact is rated High given that exfiltrable targets include /etc/passwd, application secrets, and web-server-readable configuration files.
Unauthenticated file disclosure and arbitrary file read in Altium Enterprise Server prior to 8.1.1 allows any network-reachable attacker to forge signed Vault download URLs using a hard-coded key shipped identically across all installations. Chained with a co-located path traversal in the same download endpoint (and optionally CVE-2026-9152 for enumeration), an attacker can read arbitrary server-side files including configuration and key material, leading to full server compromise. No public exploit identified at time of analysis; CVSS 4.0 score is 10.0 and Altium 365 SaaS is not affected because cloud deployments use object storage rather than the local filesystem.
Path traversal in NASA AMMOS AIT-Core's Binary Stream Capture (BSC) component allows unauthenticated remote attackers to direct the ait-bsc process to append attacker-controlled binary data to arbitrary files on the host filesystem, limited only by the OS permissions of the running process. Affected are AIT-Core 3.1.0 and all 2.x versions before 2.6.1, exploitable via a direct HTTP request if the BSC port is network-accessible or via a browser-based CSRF attack that works even against localhost-bound deployments. Publicly available exploit code exists (python_poc.py, attacker_tcp.py, and test1.html), though no CISA KEV listing was identified at time of analysis.
Path traversal vulnerabilities in Flux source-controller (CWE-23) expose two distinct attack surfaces on the controller pod. In the Bucket reconciler, an actor who can influence object keys in a referenced bucket can cause source-controller to write fetched data to arbitrary paths on the pod filesystem, escaping the per-reconciliation working directory sandbox. Separately, authenticated Kubernetes users with GitRepository create/update RBAC permissions can exploit the sparse-checkout feature (v1.6.0+) to enumerate file paths on the controller pod via the resource's status field. Both issues are patched in source-controller v1.8.5; no public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV.
Remote code execution in DbGate versions 7.1.8 and earlier allows network-adjacent attackers to achieve full container compromise via a Zip Slip flaw in the archive unzip endpoint. Because the default Docker deployment runs as root and the bundled 'none' authentication provider issues JWT tokens without credentials, any attacker reachable on the network can upload a malicious ZIP that writes files anywhere on the filesystem, including cron entries for code execution. Publicly available exploit code exists in the GHSA advisory itself, and an upstream patched release (7.1.9) is available.
Path traversal in NocoDB allows authenticated users with base-create permission to point a SQLite data source at any file readable or writable by the NocoDB server process, including its own internal state databases. The flaw exists in the SQLite client and base/integration create services, which accept a caller-supplied filename and pass it directly to filesystem calls without any path restriction or canonicalization. An attacker exploiting this can read or overwrite `noco.db`, tenant databases under `nc_minimal_dbs/`, or any other file accessible to the NocoDB process - enabling full internal state disclosure, cross-tenant data access, and destructive modification. No public exploit has been identified at time of analysis, and a vendor-released patch exists in version 2026.05.1.
Path traversal in Siderolabs Omni's `CreateSchematic` gRPC endpoint allows an authenticated Operator to force the server to issue HTTP GET requests to arbitrary paths on the configured image-factory host by injecting `../` sequences into the `TalosVersion` field. The CVSS score of 2.7 (PR:H, C:L) reflects that exploitation requires a high-privilege Operator credential and yields only limited confidentiality impact - error body content from unintended image-factory endpoints is reflected back to the caller. No public exploit or CISA KEV listing exists at time of analysis, placing this in a low-priority patch tier for most deployments.
Unauthenticated arbitrary file read in Lyrion Music Server 9.2.0 allows remote attackers to retrieve sensitive files from the host by manipulating directory traversal sequences in file path parameters handled by the embedded web server. The flaw is network-reachable with no authentication or user interaction required, and publicly available exploit code exists via the Zero Science Lab advisory ZSL-2026-5992. No CISA KEV listing or EPSS score was provided, so widespread opportunistic exploitation has not been confirmed, but the low barrier to abuse makes opportunistic scanning likely.
Arbitrary file write in the npm decompress package (all versions) exploits a second-generation Zip Slip bypass that circumvents protections introduced in the CVE-2020-12265 fix. By crafting a ZIP archive where a symlink entry and a same-named regular file share an identical path, an attacker leverages microtask scheduling order to write file contents through the unresolved symlink to arbitrary locations outside the extraction output directory, creating a realistic path to remote code execution. Publicly available exploit code exists per the E:P temporal modifier and a published PoC Gist, elevating real-world concern especially for applications processing untrusted archives in automated pipelines.
Directory traversal in the OpenDaylight Controller v12.0.5 cluster-admin:backup-datastore component allows unauthenticated remote attackers to read arbitrary files outside the intended backup directory via a crafted request. A public proof-of-concept exists on GitHub (majdlatah/ODL-Path-Traversal), though no active exploitation has been reported and EPSS scoring places real-world exploitation probability at the 16th percentile.
Information disclosure in Hermes WebUI before v0.51.221 allows authenticated remote attackers to read arbitrary files outside the designated workspace by placing symlinks that resolve to external host paths and accessing them through the workspace file or listing APIs. Because the vulnerable code only blocked raw '..' traversal and a small denylist of system directories rather than enforcing that resolved targets stay within the workspace root, attackers can disclose sensitive host content such as SSH keys, cloud credentials, and application tokens. No public exploit identified at time of analysis, but the patch and a VulnCheck advisory are published and the fix is straightforward to reverse-engineer from the upstream commit.
Command injection in stata-mcp (MCP-for-Stata) versions prior to 1.17.3 allows attackers to execute arbitrary Stata commands - including the `shell` directive - by supplying a crafted `log_file_name` parameter to the `stata_do` MCP tool or CLI. The flaw bypasses the existing `GuardValidator` security control, which only inspects do-file content and never examines wrapper parameters, enabling remote code execution and arbitrary file writes via path traversal. Publicly available exploit code exists in the GHSA advisory PoC, though no public exploit identified at time of analysis indicates in-the-wild abuse.
Path restriction bypass in SingularityCE allows local authenticated low-privilege users to execute containers from directories whose names share a string prefix with administrator-configured allowed paths, defeating the `limit container paths` security control in setuid mode. The flaw exists only when this directive is actively configured in `singularity.conf`; installations not using the directive are entirely unaffected per the vendor advisory. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Path traversal in CPython's tarfile module allows malicious tar archives to bypass the data_filter safety mechanism and write files to arbitrary locations outside the intended extraction directory. When an application or user calls tarfile.extractall() with the data filter active, specially crafted symlinks using empty names, directory-like names, or trailing slashes can redirect subsequent archive members through attacker-controlled paths, subject to the permissions of the extracting process. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, but the attack vector is network-accessible and requires only that a victim initiate extraction of a crafted archive (UI:A).
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path traversal in Tautulli's cache deletion API endpoint allows authenticated low-privilege users to delete arbitrary directories outside the configured cache root, resulting in arbitrary data loss and service disruption. All Tautulli versions prior to 2.17.1 are affected; the vendor-confirmed fix is v2.17.1 (released 2026-05-04). The CVSS 4.0 E:P modifier confirms proof-of-concept exploit code exists, and no public exploit identified at time of analysis rises to CISA KEV-confirmed active exploitation.
Local privilege abuse in the Acer Connect M6E 5G Portable WiFi Router lets installed applications smuggle raw AT commands across the Android system Binder boundary, where they are forwarded to the cellular baseband without verification. Up to and including firmware M6E_AI_1.00.000019, low-privileged local apps can read sensitive baseband files (IMSI, configuration blobs) and disable cellular connectivity, with no public exploit identified at time of analysis and no CISA KEV listing.
Server-Side Request Forgery and path traversal in docling-core versions 1.5.0 through 2.74.0 allow remote attackers to coerce the library into writing files outside the user-defined cache directory by manipulating server-controlled Content-Disposition headers when applications fetch untrusted URLs. The flaw stems from insufficient validation of remote request destinations combined with unsafe resolution of server-supplied filenames. No public exploit identified at time of analysis, but the network-reachable, unauthenticated nature of the bug (CVSS 8.6) makes it a meaningful supply-chain concern for Python applications integrating docling-core for document processing.
Path traversal and SSRF in Docling's HTML backend allow attackers to coerce the document processor into reading local files, contacting internal network resources, and consuming unbounded resources when a crafted HTML document is processed with non-default fetch flags enabled. The flaw affects the docling Python package prior to 2.94.0 and stems from missing validation of file:// URIs, relative/absolute paths, HTTP redirects, and download sizes; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Path traversal in Docling's LaTeX backend (pip/docling versions 2.73.0 through 2.90.x) allows an attacker who supplies a crafted LaTeX document to read arbitrary files accessible to the conversion process via the \includegraphics, \input, and \include command handlers. With a high confidentiality impact (C:H) but local attack vector and required user interaction (AV:L/UI:R per CVSS), the practical risk is concentrated in automated document-processing pipelines or services that ingest untrusted .tex files. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV. A vendor-released patch exists as of version 2.91.0.
Path traversal (Zip Slip) in IBM's Docling document processing library before v2.91.0 allows arbitrary file write when the EasyOCR model download function extracts ZIP archives without validating member paths. An attacker who can intercept or substitute the model download source (via MITM, DNS spoofing, or upstream supply-chain compromise) can drop files anywhere the process can write, leading to RCE or persistence. No public exploit identified at time of analysis and the vulnerability is not on the CISA KEV list.
Arbitrary file write on OpenStack Ironic conductor nodes is achievable via path traversal in virtual media ISO handling (OSSA-2026-018). Authenticated attackers who can supply a malicious ISO image through the deploy_iso_href parameter can write files to arbitrary locations on the conductor host, constrained only by the ironic-conductor process's filesystem permissions. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA KEV, but the vulnerability carries a CVSS 3.1 score of 6.5 and is rated Critical severity by the Ironic project.
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity.
Path traversal in MBS industrial gateway products (Single-A, Double-A, Single-X, Double-X series) allows authenticated remote attackers to read arbitrary files on the device via the ugw-logread method. CVSS 4.0 score of 8.7 reflects network-reachable exploitation with only low-privilege user credentials needed, exposing potentially sensitive configuration, credential, and operational data on industrial protocol gateways. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Unauthorized file or directory access in ABB T-MAC Plus version 4.0-24 allows authenticated remote attackers to read, modify, or otherwise interact with resources that should not be externally reachable, with CVSS 4.0 scoring 7.3 due to high confidentiality and availability impact plus scope change to subsequent systems. The flaw is classified under CWE-552 (Files or Directories Accessible to External Parties) and was disclosed by ABB itself. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Arbitrary file read via path traversal in alf.io's extension sandbox allows a high-privileged user to silently exfiltrate any file accessible to the JVM process to an attacker-controlled server. All versions prior to 2.0-M5-2606 automatically inject an unrestricted `simpleHttpClient` into every extension script scope, where `postFileAndSaveResponse()` constructs a raw `FileInputStream` from a caller-supplied path with no validation, directory restriction, or allowlist. No public exploit identified at time of analysis; the PR:H CVSS prerequisite (extension management rights) meaningfully constrains the attack surface but does not eliminate risk, particularly in multi-tenant or insider-threat scenarios.
Arbitrary file disclosure in BrowserStack Runner versions through 0.9.5 allows unauthenticated network-adjacent attackers to read sensitive files outside the project root by abusing a path traversal flaw in the default HTTP handler of lib/server.js. Because the embedded test server binds on all interfaces by default, any attacker on the same network segment (Wi-Fi, VLAN, or shared LAN) can retrieve source code, credentials, or environment files. No public exploit identified at time of analysis, but a GitHub Security Advisory (GHSA-8rpw-6cqh-2v9h) has been published.
Arbitrary recursive directory deletion in Gleam's dependency management (versions 0.18.0-rc1 through 1.16.x) is triggered when a developer runs 'gleam deps download' against a project whose normally-gitignored build/packages/packages.toml has been seeded with path traversal sequences as package keys. The compiler-cli reads these keys without validation, constructs a filesystem path via paths.build_packages_package(), and passes it directly to fs::delete_directory (Rust's remove_dir_all), allowing sequences such as '../../' or absolute paths to escape the intended build/packages/ directory and destroy arbitrary directories on the victim's machine. No public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog; the fix commit and GitHub Security Advisory GHSA-jqvf-f6p2-wrv3 confirm the issue and its resolution.
Path traversal in Gleam's documentation build tooling allows arbitrary file read and write on a developer's workstation when gleam docs build is run against a malicious project. The documentation.pages[].source and documentation.pages[].path fields in gleam.toml accept unsanitized filesystem paths, enabling an attacker who controls gleam.toml content to exfiltrate local files (embedded into generated docs artifacts) or write generated files to arbitrary locations outside build/dev/docs/. Affected versions span only Gleam 1.16.x; no public exploit identified at time of analysis and no KEV listing, but the attack surface is any developer who clones and builds documentation for an untrusted Gleam project.
Arbitrary file write in Collibra Agent's restore handler allows remote unauthenticated attackers to drop files outside the intended extraction directory by submitting a crafted ZIP archive that abuses unsanitized path entries during extraction. The flaw affects multiple Collibra Platform SaaS and on-premises release trains and carries a CVSS 3.1 score of 7.5 (integrity-only impact). No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV, but a vendor patch is available.
Path traversal in Jupyter Server 2.17.0 allows authenticated users to read and write files in sibling directories outside the configured root, via a flawed startswith() boundary check in _get_os_path() combined with to_os_path() failing to strip '..' sequences. With CVSS 8.1 (high confidentiality and integrity impact) and a publicly available proof-of-concept disclosed through huntr, the issue is particularly dangerous in shared/multi-tenant hosting where multiple Jupyter instances share a parent directory. EPSS is currently low (0.05%), and there is no public exploit identified at time of analysis beyond the huntr POC reference.
Path traversal in VIVOTEK FD8136-VVTK firmware 0300a exposes the full device filesystem to authenticated low-privilege attackers via the /admin/downloadMedias.cgi endpoint. An attacker holding any valid credential can craft a request with directory traversal sequences to read arbitrary files - including configuration data, credentials, or private keys stored on the device. No confirmed active exploitation (not in CISA KEV), but a vulnerability research repository on GitHub exists for this CVE, and EPSS is very low at 0.02%, suggesting limited widespread attacker awareness at time of analysis.
Path traversal in Android's PackageInstallerService allows a local, unprivileged attacker to redirect a Device Policy Controller (DPC) installation into an unintended filesystem directory via a crafted install session, enabling local escalation of privilege on Android 14 through Android 16. No public exploit code has been identified at time of analysis, and EPSS at 0.01% (1st percentile) reflects minimal observed exploitation probability. The local attack vector (AV:L) constrains real-world exposure to scenarios where the attacker already has physical or application-level access to the device, materially limiting the attack surface compared to network-exploitable flaws.
Path traversal in Banana Slides through 0.4.0 allows unauthenticated remote attackers to read arbitrary image-format files outside the uploads directory via the generate_image() function in the AI service backend. The flaw stems from an incomplete prefix check using os.path.startswith() without a trailing separator, letting sibling directories whose names share the uploads folder prefix bypass containment. Publicly available exploit code exists (GitHub issue #429), and a vendor patch has been released in commit e8bc490.
Arbitrary file write in F5-TTS through 1.1.20 allows unauthenticated remote attackers to create directories and write attacker-controlled JSON anywhere the server process has write access by abusing unsanitized project_name parameters in the finetune Gradio interface. The flaw stems from passing user input directly to os.path.join() - supplying an absolute path bypasses the intended base directory entirely. Publicly available exploit code exists, and an upstream patch has been merged via PR #1294.
Path traversal in ishayoyo excel-mcp (all versions through 1.0.2) allows remote low-privileged attackers to read or write arbitrary files on the host system by manipulating the filePath or outputPath arguments passed to the read_file and write_file MCP tool handlers in src/index.ts. The CVSS 4.0 score is 2.1 (Low), but a publicly available proof-of-concept exploit exists via a GitHub issue disclosure, and no vendor patch has been released - the maintainer has not responded to the responsible disclosure report. No public exploit identified as confirmed actively exploited (CISA KEV) at time of analysis.
Broken share revocation in Nextcloud Forms versions 4.3.0 through 5.2.7 leaves former collaborators with persistent read access to uploaded respondent files after removal. The vulnerability stems from a two-layer share architecture where removing a collaborator deleted the Forms-layer share record but silently preserved the underlying Nextcloud Files-layer share on the uploaded files folder - meaning removed users retained filesystem-level access to sensitive form submission files. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV, but the low-complexity network vector (CVSS AV:N/AC:L/PR:N/UI:N) means a removed collaborator can exploit this passively without any additional action.
Path traversal in Nextcloud Server 31.x and 32.x allows authenticated non-admin users to copy arbitrary server-side files into their own Nextcloud storage directory when an administrator has configured the `{lang}` placeholder in the template directory config value. The root cause is insufficient sanitization of the `forceLanguage` HTTP request parameter and the `ACCEPT_LANGUAGE` header in `lib/private/L10N/Factory.php`, which were used unsanitized in filesystem path construction. No public exploit identified at time of analysis, though a HackerOne report (3468140) exists; CVSS scores this as Medium (4.4) due to high complexity and privilege preconditions, and impact is limited to confidentiality with no code execution possible.
Path traversal in Rocketgenius Gravity Forms (WordPress plugin) versions up to and including 2.10.0.1 enables remote attackers to perform arbitrary file deletion on the underlying server, as catalogued in the Patchstack advisory referenced by NVD. The CVSS 9.6 score reflects a scope-changing impact reachable over the network with low complexity and no authentication, though successful exploitation requires user interaction. No public exploit has been identified at time of analysis and the issue is not present in CISA KEV.
Path traversal in whatsapp-mcp 0.0.1 exposes arbitrary server files to authenticated adjacent-network attackers via the `mediaPath` argument of the Send API endpoint (`/api/send`). The `sendWhatsAppMessage` function in `whatsapp-bridge/main.go` passed the caller-supplied path directly to `os.ReadFile()` without sanitization, allowing traversal sequences to reference files outside any intended directory. A proof-of-concept exploit has been publicly disclosed (CVSS 4.0 E:P), though no active exploitation is confirmed and no CISA KEV listing exists. The overall CVSS 4.0 score of 2.0 reflects narrow real-world impact: adjacent-network exposure only, low confidentiality loss, and no integrity or availability impact.
Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Path traversal in the Classified Listing WordPress plugin (versions through 5.3.8) enables authenticated low-privileged users to download arbitrary files from the server filesystem. The vulnerability, reported by Patchstack as an arbitrary file download flaw, exposes full confidentiality impact (C:H) with no integrity or availability consequence, meaning attackers can exfiltrate sensitive server files - including wp-config.php, credentials, or private data - but cannot modify or destroy them. No active exploitation is confirmed and no public exploit code has been identified at time of analysis.
Path traversal in QNAP QTS and QuTS hero NAS operating systems exposes arbitrary file contents to attackers who have already obtained administrator-level access. The root cause (CWE-22) indicates insufficient sanitization of file path inputs, allowing directory escape to reach files outside intended scope. No public exploit code has been identified at time of analysis, and CISA KEV lists no active exploitation - making this a targeted post-compromise risk rather than an opportunistic mass-exploitation scenario. Vendor-released patches address all affected branches as of May 2026.
Path traversal in QNAP License Center (versions 1.9.0 through 1.9.55) permits a high-privileged attacker with an administrator account to read arbitrary files or system data outside the intended directory scope. The CVSS 4.0 vector (AV:N/PR:H) indicates network-reachable exploitation contingent on first obtaining administrative credentials. No public exploit code or active exploitation has been identified at time of analysis; a vendor-released patch is available in version 1.9.56.
Path traversal in Adobe CAI Content Credentials SDK (c2pa-web@0.7.1 and c2pa-v0.80.1 and earlier) permits arbitrary file writes outside the intended extraction directory when a victim opens a maliciously crafted C2PA content credentials file. The CVSS vector confirms a local attack surface (AV:L) with high integrity impact (I:H) and no confidentiality or availability impact, meaning an attacker's primary capability is unauthorized file placement on the target filesystem. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.
Security feature bypass in Adobe ColdFusion 2023 (through Update 19) and ColdFusion 2025 (through Update 8) allows remote attackers to read files outside intended directories via a path traversal flaw, with a scope change that extends impact beyond the vulnerable component. Exploitation requires the victim to open a malicious file, and no public exploit identified at time of analysis; EPSS is low (0.02%) but CVSS is 9.6 due to the scope change and high CIA impact.
Hermes WebUI's SSH/remote terminal workspace resolver exposes local server files to authenticated low-privilege attackers by accepting system directories as trusted workspace roots. The flaw in `_remote_terminal_workspace_candidate()` (`api/workspace.py`) causes an early return that bypasses the `_is_blocked_workspace_path()` guard, allowing an attacker-configured remote terminal working directory (e.g., `/etc`) to be registered as a trusted workspace - after which workspace file-read helpers treat it as a local path and return host file contents. No public exploit has been identified at time of analysis, but the CVSS 4.0 vector scores SC:H (high subsequent-system confidentiality impact), confirming meaningful server-side file disclosure potential.
Relative path traversal in Visual Studio Code versions prior to 1.123.1 enables unauthenticated remote attackers to tamper with files outside the intended directory boundary, producing a high integrity impact with no confidentiality or availability loss. The CVSS vector (AV:N/AC:L/PR:N/UI:R) indicates the attack requires no privileges and is low-complexity over a network, but depends on a victim interacting with attacker-controlled content. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis.
Security feature bypass via path traversal in GitHub Copilot and Visual Studio Code allows a local unauthorized attacker to escape a restricted directory and reach files or resources that should be inaccessible. The flaw is tracked under CWE-22 with a CVSS 3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N) reflecting high confidentiality, integrity, and availability impact from local exploitation. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Path traversal in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables an authenticated low-privileged attacker to execute code over a network by escaping the intended directory scope. Affected builds span all three actively maintained SharePoint Server product lines, with vendor-confirmed patches available for each. No public exploit code has been identified at time of analysis, and this CVE is not currently listed in the CISA KEV catalog; however, the low attack complexity (AC:L) and no user interaction requirement (UI:N) make it a credible target for exploitation once an attacker has any valid SharePoint credential.
Local privilege escalation and code execution in Microsoft Azure Kubernetes Service (AKS) is possible via a path traversal flaw (CWE-22) that allows an authorized attacker on the local system to break out of restricted directory boundaries and execute code with elevated privileges. The CVSS 3.1 score of 8.8 reflects the scope change (S:C) where exploitation impacts resources beyond the vulnerable component, enabling full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis.
Local privilege escalation in Omnissa Workspace ONE Assist for macOS allows an authenticated local user with low privileges to escalate to higher privileges through a path traversal weakness (CWE-22). The flaw carries a CVSS 7.8 (High) rating with full confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. The vulnerability is tracked under Omnissa advisory OMSA-2026-0001 and is specific to the macOS build of the Assist remote-support agent.
Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information disclosure in TYPO3 CMS allows authenticated backend users with file download permissions to retrieve arbitrary files from the server's document root via the Media Module's File Abstraction Layer (FAL) fallback storage. Affected branches span versions 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30, and 14.0.0-14.3.2, with no public exploit identified at time of analysis. The flaw exposes sensitive files such as logs, .htpasswd, and configuration material that would normally sit outside the managed file storage.
Path traversal in TYPO3 CMS's GeneralUtility::isAllowedAbsPath() allows authenticated administrator-level users to define File Abstraction Layer (FAL) storage roots that resolve to directories outside the project root. Affected versions span all active TYPO3 branches: before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31, and 14.0.0-14.3.3. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog; the CVSS 4.0 score of 2.1 reflects the severe privilege and prerequisite constraints that substantially limit real-world impact.
Path traversal in awxkit's YAML !include directive exposes arbitrary local files when a user imports a crafted YAML file via the AWX CLI. Affecting Red Hat Ansible Automation Platform 2, the vulnerability (CWE-22) allows an unauthenticated attacker who can deliver a malicious YAML file to a victim to read arbitrary YAML-formatted files from that user's local filesystem - including potentially sensitive configuration, credential, or key material files - without any write or execution capability. No public exploit identified at time of analysis; CVSS 4.7 reflects the real-world constraints of local attack vector, high complexity, and mandatory user interaction.
Path traversal in Siemens SINEC INS versions prior to V1.0 SP2 Update 6 exposes arbitrary file system locations via the SFTP directory listing endpoint. An authenticated low-privileged network attacker can send a crafted path to GET /api/sftp/uploadFiles to read files outside the intended directory scope, resulting in unauthorized disclosure of file system contents. No active exploitation or public proof-of-concept has been identified at time of analysis; the impact is limited to confidentiality with no integrity or availability consequence.
Path traversal in Apache Airflow's Samba provider exposes Samba target file systems to arbitrary write operations when GCSToSambaOperator processes GCS object names containing directory traversal sequences. Disclosed on 2026-06-09 via the oss-security mailing list by Apache committer Jarek Potiuk as a pre-NVD disclosure, the vulnerability enables any party who can influence GCS object names in the source bucket to write files outside the intended destination directory on the Samba share. No public exploit code has been identified at time of analysis, and CVSS scoring is not yet available.
Path traversal in the HarmonyOS SMS application allows unauthenticated remote attackers to impact integrity and availability on affected Huawei devices. Exploitation requires user interaction - a victim must engage with a crafted message - but no privileges or special authentication are needed from the attacker's side, lowering the barrier to reach a target. No public exploit or CISA KEV listing exists at time of analysis; this appears to be a vendor-disclosed issue patched in the June 2026 Huawei security bulletin.
Path traversal in Spring Framework's static resource resolution exposes arbitrary server files to unauthenticated remote attackers across both Spring MVC and Spring WebFlux stacks. Four major release lines - 5.3.x, 6.1.x, 6.2.x, and 7.0.x - are affected, making this a broad-surface issue for the Java ecosystem. The CVSS vector confirms unauthenticated network access with high confidentiality impact, though the AC:H designation indicates non-trivial exploit conditions; no public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
Local File Inclusion in the Recover Exit For WooCommerce WordPress plugin (versions up to and including 1.0.3) allows remote unauthenticated attackers to include arbitrary local PHP files via the unsanitized `tpf` POST parameter passed to `include()` in the `recover_exit()` function. Successful exploitation can disclose sensitive files such as `wp-config.php` and, when combined with file upload primitives or log poisoning, escalate to remote code execution. No public exploit identified at time of analysis, though the vulnerable sink is documented in the plugin source on plugins.trac.wordpress.org.
Path traversal in SAP NetWeaver Application Server Java's Web Container allows unauthenticated remote attackers to manipulate file inclusion parameters within crafted HTTP logon requests, leading to inclusion and processing of arbitrary local files. Successful exploitation can expose or modify sensitive data and render portions of the server unavailable, with no public exploit identified at time of analysis but a CVSS of 9.0 reflecting full CIA impact with scope change.
{file} endpoint, which fails to restrict path traversal sequences in the file parameter. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication, no privileges, and no user interaction from a network position. No public exploit identified at time of analysis, and the EPSS score of 0.12% (30th percentile) reflects low observed exploitation probability, though the no-auth attack surface warrants attention for publicly exposed deployments.
Remote code execution in BookCars v8.3 is achievable by authenticated attackers who abuse a path traversal flaw in the /api/create-user endpoint to rename and relocate files from temporary storage to attacker-chosen filesystem paths. The flaw is tagged as Authentication Bypass, Path Traversal, and RCE, and a public write-up exists in a third-party GitHub repository, though it is not listed in CISA KEV and EPSS is low at 0.17% (38th percentile).
Authenticated arbitrary local file read in Basekick Labs Arc analytics platform allows any token holder - even one with an empty permissions array - to exfiltrate sensitive host files (auth.db bcrypt hashes, arc.toml S3/TLS secrets, /proc/self/environ) and pivot to SSRF against cloud metadata endpoints by abusing unblocked DuckDB I/O functions in the SELECT clause. The flaw stems from an incomplete regex denylist in internal/api/query.go that filtered only read_parquet and arc_partition_agg while leaving the wider DuckDB I/O family (read_csv_auto, read_json, read_text, read_blob, glob, parquet_metadata, read_xlsx, etc.) and SELECT-list scalar table functions unguarded. No public exploit identified at time of analysis, but the GHSA advisory ships a working single-request proof-of-concept and the fix is shipped in Arc 2026.06.1.
Path traversal in Dulwich's porcelain.format_patch function allows patch files to be written outside the intended output directory by processing commits with malicious subject lines. Any service passing untrusted commits to dulwich.porcelain.format_patch(outdir=...) - such as CI pipelines, PR review platforms, or developer tooling processing third-party repositories - is affected in versions 0.24.0 through 1.2.4. No public exploit identified at time of analysis and no CISA KEV listing, but the attack pattern is trivially reproducible from the advisory description alone; exploitation requires no special tooling beyond crafting a commit with a subject like 'x/../../target'.
Authorization bypass in Headplane (the web UI for Headscale) prior to 0.6.3 and 0.7.0-beta.3 allows authenticated low-privilege users to escape the intended Headscale API endpoint via path traversal sequences embedded in node and user rename values. By smuggling traversal payloads through un-encoded URL path segments, an attacker can reach arbitrary Headscale API operations, breaking the RBAC model and impacting integrity and availability of the tailnet. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Path traversal in OpenBullet2 through 0.3.2 lets authenticated attackers read, write, and delete arbitrary files via the wordlist endpoint, escalating to remote code execution by tampering with system files like /etc/passwd. Because the application runs as root by default, successful exploitation yields full system compromise. Publicly available exploit code exists (VulnCheck advisory and HackerNoon write-up), though there is no public exploit identified at time of analysis indicating CISA KEV listing.
Authentication bypass in AdGuard Home prior to v0.107.77 allows unauthenticated remote attackers to gain full admin access when the binary is launched with the --glinet flag, by injecting a path traversal sequence into the Admin-Token cookie. The flaw lives in the authglinet middleware, which concatenates the cookie value into a file path without sanitization, letting attackers redirect token reads to arbitrary files. No public exploit identified at time of analysis, but the vendor advisory and a community-disclosed root cause make weaponization straightforward.
Path traversal in NLnet Labs Routinator allows remote attackers to escape the rsync cache directory by supplying rsync URIs whose module component contains '..' sequences, enabling read/write access across the entire Routinator rsync cache filesystem. The flaw is network-reachable and requires no authentication, and no public exploit identified at time of analysis. CVSS 4.0 of 8.3 reflects high integrity and availability impact with an attack requirement (AT:P) reducing it from critical.
Arbitrary file read in Bagisto v2.4.1 allows unauthenticated remote attackers to retrieve sensitive files outside the web root by injecting path traversal sequences into the filename parameter of the ImageCacheController. The CVSS 4.0 base score of 8.7 reflects network-reachable, no-privilege, no-interaction exploitation with high confidentiality impact, and no public exploit identified at time of analysis.
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path traversal in hsweb-framework up to version 5.0.1 allows authenticated remote attackers to write files outside the intended upload directory by manipulating the filename argument in the file upload component. The root cause is insufficient sanitization of path sequences — including URL-encoded variants (`..%2F`) and Windows-style backslashes (`..\`) — in the `denied` function of `FileUploadProperties.java`. A public exploit has been disclosed via GitHub issue #344, and a patch commit is available; no KEV listing indicates opportunistic rather than confirmed mass exploitation.
Path traversal in jishenghua jshERP up to version 3.6 allows authenticated remote attackers to manipulate the `fileName` argument at the `addAccountHeadAndDetail` endpoint, producing limited but confirmed integrity and availability impacts (I:L/A:L). The vulnerability is in `AccountHeadService.java` within the Java ERP application, and a proof-of-concept exploit has been publicly disclosed via the project's GitHub issue tracker. The vendor had not responded to the responsible disclosure at time of reporting, and no patch is available.
Path traversal in iAI Lab PDF AI App 4.21.0 on Android allows a local low-privileged attacker to manipulate the `_display_name` argument within the `getExternalCacheDir` function of the `chatpdf.pro` component, enabling unauthorized file system access outside the intended cache directory. The CVSS 4.0 score of 1.9 reflects the strictly local attack surface and limited integrity and availability impact with no confidentiality breach. A public proof-of-concept exploit has been released; the vendor was contacted prior to disclosure and did not respond, leaving the vulnerability unpatched.
Path traversal in the Quick Playground WordPress plugin (versions ≤ 1.3.4) exposes arbitrary server files to authenticated administrators. The flaw exists in client-qckply_data.php where the qckply_data() function forwards a user-supplied filename POST parameter directly into file_get_contents() without sanitization, enabling traversal sequences to escape the webroot and reach files such as wp-config.php or /etc/passwd. No public exploit exists and the vulnerability is not listed in the CISA KEV catalog, but exploitation would yield database credentials and other secrets with high confidentiality impact.
Directory traversal in the LearnPress - Backup & Migration Tool plugin for WordPress (all versions through 4.1.4) allows authenticated administrators to read arbitrary files on the underlying server by supplying path traversal sequences via the 'import-user-file' parameter. Exploitation exposes highly sensitive server-side content - including wp-config.php database credentials, private keys, or system files - despite requiring high-privilege access. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV. The CVSS score of 4.9 reflects the high privilege barrier (PR:H), but the C:H confidentiality impact makes successful exploitation consequential.
Directory traversal in the Smart Slider 3 WordPress plugin (all versions ≤ 3.5.1.36) exposes arbitrary server-side files to authenticated administrators via the replaceHTMLImage function in the plugin's slider export/backup subsystem. An attacker with administrator-level WordPress access can craft a request that traverses outside the intended directory and return the raw contents of sensitive files such as wp-config.php. No public exploit or CISA KEV listing exists at time of analysis, and the high privilege requirement (CVSS PR:H) substantially limits the realistic attack surface to insider threats, compromised admin accounts, or privilege-escalation chains.
Local File Inclusion in the WP User Manager WordPress plugin (versions through 2.9.17) allows unauthenticated remote attackers to include and execute arbitrary .php files on the server via the profile tab query parameter. The flaw stems from missing validation of the tab value before it is passed to the profile template loader, enabling path traversal to any PHP file the web server can read. No public exploit is identified at time of analysis, and the issue is not listed in CISA KEV, but POC behavior is effectively documented in the upstream fix's traversal test cases.
Path traversal in MoviePilot's AliPan, U115, Rclone, and SMB cloud storage download handlers allows an attacker who controls remote filenames to write files outside the configured download directory. The flaw stems from unsanitized concatenation of filenames returned by remote cloud APIs, enabling overwrite of configuration files, plugins, or other files accessible to the application process. No public exploit identified at time of analysis, but a vendor patch is available via upstream commit a0b3800.
Authenticated path traversal in Altium Enterprise Server (before 8.1.1) and Altium 365 lets a low-privileged user read arbitrary files - including service configuration and credential material - via a crafted path parameter to the Projects Service download endpoint. No public exploit is identified at time of analysis, but the flaw is chainable with CVE-2026-11424 to reach the cloud-side endpoint, and on multi-tenant Altium 365 deployments the leaked credentials could be shared across services, sharply amplifying blast radius.
Remote code execution in Altium Enterprise Server (versions prior to 8.1.1) and Altium 365 arises from a path traversal flaw in the shared Git Service component, which processes post-clone file-manipulation operations using user-supplied paths without validation. An authenticated user with basic git permissions can move arbitrary files outside the repository area, drop attacker-controlled scripts into directories the service later executes, and on multi-tenant Altium 365 infrastructure could have reached data belonging to other tenants on the same node. No public exploit identified at time of analysis, and EPSS sits at 0.44% (63rd percentile).
Unauthenticated arbitrary file write and read in the Network Installation Service (NIS) component of Altium Enterprise Server enables remote attackers to overwrite binaries or configuration, drop content into web-accessible directories, and exfiltrate package archives - escalating to remote code execution as the service account. The CVSS 4.0 score of 10.0 (AV:N/AC:L/PR:N/UI:N with high impact across confidentiality, integrity, availability and scope) reflects a worst-case unauthenticated network primitive. No public exploit identified at time of analysis, and Altium 365 cloud deployments are explicitly out of scope.
Arbitrary file write in the Altium Enterprise Server Vault Service allows authenticated users to escape the configured storage root via the UploadController image upload endpoint and place content-controlled files anywhere the service account can write. The flaw (CVSS 4.0 base 9.4, CWE-22) escalates to remote code execution, service takeover, or denial of service by overwriting application binaries, configuration files, or dropping payloads in web-accessible directories. No public exploit identified at time of analysis, and Altium 365 cloud deployments are explicitly out of scope.
Arbitrary file read in Altium Enterprise Server Collaboration Service (versions prior to 8.1.1) allows an authenticated low-privileged user to traverse the server filesystem via crafted filenames in MCAD and Simulation download flows. Because retrievable files include the master configuration holding privileged credentials, the bug escalates to full administrative takeover of the on-premises server. No public exploit identified at time of analysis, and Altium 365 cloud tenants are explicitly out of scope.
Local File Inclusion in HAX CMS's saveOutline endpoint allows an authenticated low-privileged user to read arbitrary files on the server by injecting path traversal sequences into the location field written to site.json. Both the PHP and NodeJS backend variants (haxtheweb/haxcms-php and haxtheweb/haxcms-nodejs) are affected across all versions prior to 26.0.0. There is no public exploit identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog, though the confidentiality impact is rated High given that exfiltrable targets include /etc/passwd, application secrets, and web-server-readable configuration files.
Unauthenticated file disclosure and arbitrary file read in Altium Enterprise Server prior to 8.1.1 allows any network-reachable attacker to forge signed Vault download URLs using a hard-coded key shipped identically across all installations. Chained with a co-located path traversal in the same download endpoint (and optionally CVE-2026-9152 for enumeration), an attacker can read arbitrary server-side files including configuration and key material, leading to full server compromise. No public exploit identified at time of analysis; CVSS 4.0 score is 10.0 and Altium 365 SaaS is not affected because cloud deployments use object storage rather than the local filesystem.
Path traversal in NASA AMMOS AIT-Core's Binary Stream Capture (BSC) component allows unauthenticated remote attackers to direct the ait-bsc process to append attacker-controlled binary data to arbitrary files on the host filesystem, limited only by the OS permissions of the running process. Affected are AIT-Core 3.1.0 and all 2.x versions before 2.6.1, exploitable via a direct HTTP request if the BSC port is network-accessible or via a browser-based CSRF attack that works even against localhost-bound deployments. Publicly available exploit code exists (python_poc.py, attacker_tcp.py, and test1.html), though no CISA KEV listing was identified at time of analysis.
Path traversal vulnerabilities in Flux source-controller (CWE-23) expose two distinct attack surfaces on the controller pod. In the Bucket reconciler, an actor who can influence object keys in a referenced bucket can cause source-controller to write fetched data to arbitrary paths on the pod filesystem, escaping the per-reconciliation working directory sandbox. Separately, authenticated Kubernetes users with GitRepository create/update RBAC permissions can exploit the sparse-checkout feature (v1.6.0+) to enumerate file paths on the controller pod via the resource's status field. Both issues are patched in source-controller v1.8.5; no public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV.
Remote code execution in DbGate versions 7.1.8 and earlier allows network-adjacent attackers to achieve full container compromise via a Zip Slip flaw in the archive unzip endpoint. Because the default Docker deployment runs as root and the bundled 'none' authentication provider issues JWT tokens without credentials, any attacker reachable on the network can upload a malicious ZIP that writes files anywhere on the filesystem, including cron entries for code execution. Publicly available exploit code exists in the GHSA advisory itself, and an upstream patched release (7.1.9) is available.
Path traversal in NocoDB allows authenticated users with base-create permission to point a SQLite data source at any file readable or writable by the NocoDB server process, including its own internal state databases. The flaw exists in the SQLite client and base/integration create services, which accept a caller-supplied filename and pass it directly to filesystem calls without any path restriction or canonicalization. An attacker exploiting this can read or overwrite `noco.db`, tenant databases under `nc_minimal_dbs/`, or any other file accessible to the NocoDB process - enabling full internal state disclosure, cross-tenant data access, and destructive modification. No public exploit has been identified at time of analysis, and a vendor-released patch exists in version 2026.05.1.
Path traversal in Siderolabs Omni's `CreateSchematic` gRPC endpoint allows an authenticated Operator to force the server to issue HTTP GET requests to arbitrary paths on the configured image-factory host by injecting `../` sequences into the `TalosVersion` field. The CVSS score of 2.7 (PR:H, C:L) reflects that exploitation requires a high-privilege Operator credential and yields only limited confidentiality impact - error body content from unintended image-factory endpoints is reflected back to the caller. No public exploit or CISA KEV listing exists at time of analysis, placing this in a low-priority patch tier for most deployments.
Unauthenticated arbitrary file read in Lyrion Music Server 9.2.0 allows remote attackers to retrieve sensitive files from the host by manipulating directory traversal sequences in file path parameters handled by the embedded web server. The flaw is network-reachable with no authentication or user interaction required, and publicly available exploit code exists via the Zero Science Lab advisory ZSL-2026-5992. No CISA KEV listing or EPSS score was provided, so widespread opportunistic exploitation has not been confirmed, but the low barrier to abuse makes opportunistic scanning likely.
Arbitrary file write in the npm decompress package (all versions) exploits a second-generation Zip Slip bypass that circumvents protections introduced in the CVE-2020-12265 fix. By crafting a ZIP archive where a symlink entry and a same-named regular file share an identical path, an attacker leverages microtask scheduling order to write file contents through the unresolved symlink to arbitrary locations outside the extraction output directory, creating a realistic path to remote code execution. Publicly available exploit code exists per the E:P temporal modifier and a published PoC Gist, elevating real-world concern especially for applications processing untrusted archives in automated pipelines.
Directory traversal in the OpenDaylight Controller v12.0.5 cluster-admin:backup-datastore component allows unauthenticated remote attackers to read arbitrary files outside the intended backup directory via a crafted request. A public proof-of-concept exists on GitHub (majdlatah/ODL-Path-Traversal), though no active exploitation has been reported and EPSS scoring places real-world exploitation probability at the 16th percentile.
Information disclosure in Hermes WebUI before v0.51.221 allows authenticated remote attackers to read arbitrary files outside the designated workspace by placing symlinks that resolve to external host paths and accessing them through the workspace file or listing APIs. Because the vulnerable code only blocked raw '..' traversal and a small denylist of system directories rather than enforcing that resolved targets stay within the workspace root, attackers can disclose sensitive host content such as SSH keys, cloud credentials, and application tokens. No public exploit identified at time of analysis, but the patch and a VulnCheck advisory are published and the fix is straightforward to reverse-engineer from the upstream commit.
Command injection in stata-mcp (MCP-for-Stata) versions prior to 1.17.3 allows attackers to execute arbitrary Stata commands - including the `shell` directive - by supplying a crafted `log_file_name` parameter to the `stata_do` MCP tool or CLI. The flaw bypasses the existing `GuardValidator` security control, which only inspects do-file content and never examines wrapper parameters, enabling remote code execution and arbitrary file writes via path traversal. Publicly available exploit code exists in the GHSA advisory PoC, though no public exploit identified at time of analysis indicates in-the-wild abuse.
Path restriction bypass in SingularityCE allows local authenticated low-privilege users to execute containers from directories whose names share a string prefix with administrator-configured allowed paths, defeating the `limit container paths` security control in setuid mode. The flaw exists only when this directive is actively configured in `singularity.conf`; installations not using the directive are entirely unaffected per the vendor advisory. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.
Path traversal in CPython's tarfile module allows malicious tar archives to bypass the data_filter safety mechanism and write files to arbitrary locations outside the intended extraction directory. When an application or user calls tarfile.extractall() with the data filter active, specially crafted symlinks using empty names, directory-like names, or trailing slashes can redirect subsequent archive members through attacker-controlled paths, subject to the permissions of the extracting process. No public exploit has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, but the attack vector is network-accessible and requires only that a victim initiate extraction of a crafted archive (UI:A).
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path traversal in Tautulli's cache deletion API endpoint allows authenticated low-privilege users to delete arbitrary directories outside the configured cache root, resulting in arbitrary data loss and service disruption. All Tautulli versions prior to 2.17.1 are affected; the vendor-confirmed fix is v2.17.1 (released 2026-05-04). The CVSS 4.0 E:P modifier confirms proof-of-concept exploit code exists, and no public exploit identified at time of analysis rises to CISA KEV-confirmed active exploitation.
Local privilege abuse in the Acer Connect M6E 5G Portable WiFi Router lets installed applications smuggle raw AT commands across the Android system Binder boundary, where they are forwarded to the cellular baseband without verification. Up to and including firmware M6E_AI_1.00.000019, low-privileged local apps can read sensitive baseband files (IMSI, configuration blobs) and disable cellular connectivity, with no public exploit identified at time of analysis and no CISA KEV listing.
Server-Side Request Forgery and path traversal in docling-core versions 1.5.0 through 2.74.0 allow remote attackers to coerce the library into writing files outside the user-defined cache directory by manipulating server-controlled Content-Disposition headers when applications fetch untrusted URLs. The flaw stems from insufficient validation of remote request destinations combined with unsafe resolution of server-supplied filenames. No public exploit identified at time of analysis, but the network-reachable, unauthenticated nature of the bug (CVSS 8.6) makes it a meaningful supply-chain concern for Python applications integrating docling-core for document processing.
Path traversal and SSRF in Docling's HTML backend allow attackers to coerce the document processor into reading local files, contacting internal network resources, and consuming unbounded resources when a crafted HTML document is processed with non-default fetch flags enabled. The flaw affects the docling Python package prior to 2.94.0 and stems from missing validation of file:// URIs, relative/absolute paths, HTTP redirects, and download sizes; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Path traversal in Docling's LaTeX backend (pip/docling versions 2.73.0 through 2.90.x) allows an attacker who supplies a crafted LaTeX document to read arbitrary files accessible to the conversion process via the \includegraphics, \input, and \include command handlers. With a high confidentiality impact (C:H) but local attack vector and required user interaction (AV:L/UI:R per CVSS), the practical risk is concentrated in automated document-processing pipelines or services that ingest untrusted .tex files. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV. A vendor-released patch exists as of version 2.91.0.
Path traversal (Zip Slip) in IBM's Docling document processing library before v2.91.0 allows arbitrary file write when the EasyOCR model download function extracts ZIP archives without validating member paths. An attacker who can intercept or substitute the model download source (via MITM, DNS spoofing, or upstream supply-chain compromise) can drop files anywhere the process can write, leading to RCE or persistence. No public exploit identified at time of analysis and the vulnerability is not on the CISA KEV list.
Arbitrary file write on OpenStack Ironic conductor nodes is achievable via path traversal in virtual media ISO handling (OSSA-2026-018). Authenticated attackers who can supply a malicious ISO image through the deploy_iso_href parameter can write files to arbitrary locations on the conductor host, constrained only by the ironic-conductor process's filesystem permissions. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA KEV, but the vulnerability carries a CVSS 3.1 score of 6.5 and is rated Critical severity by the Ironic project.
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity.
Path traversal in MBS industrial gateway products (Single-A, Double-A, Single-X, Double-X series) allows authenticated remote attackers to read arbitrary files on the device via the ugw-logread method. CVSS 4.0 score of 8.7 reflects network-reachable exploitation with only low-privilege user credentials needed, exposing potentially sensitive configuration, credential, and operational data on industrial protocol gateways. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Unauthorized file or directory access in ABB T-MAC Plus version 4.0-24 allows authenticated remote attackers to read, modify, or otherwise interact with resources that should not be externally reachable, with CVSS 4.0 scoring 7.3 due to high confidentiality and availability impact plus scope change to subsequent systems. The flaw is classified under CWE-552 (Files or Directories Accessible to External Parties) and was disclosed by ABB itself. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Arbitrary file read via path traversal in alf.io's extension sandbox allows a high-privileged user to silently exfiltrate any file accessible to the JVM process to an attacker-controlled server. All versions prior to 2.0-M5-2606 automatically inject an unrestricted `simpleHttpClient` into every extension script scope, where `postFileAndSaveResponse()` constructs a raw `FileInputStream` from a caller-supplied path with no validation, directory restriction, or allowlist. No public exploit identified at time of analysis; the PR:H CVSS prerequisite (extension management rights) meaningfully constrains the attack surface but does not eliminate risk, particularly in multi-tenant or insider-threat scenarios.
Arbitrary file disclosure in BrowserStack Runner versions through 0.9.5 allows unauthenticated network-adjacent attackers to read sensitive files outside the project root by abusing a path traversal flaw in the default HTTP handler of lib/server.js. Because the embedded test server binds on all interfaces by default, any attacker on the same network segment (Wi-Fi, VLAN, or shared LAN) can retrieve source code, credentials, or environment files. No public exploit identified at time of analysis, but a GitHub Security Advisory (GHSA-8rpw-6cqh-2v9h) has been published.
Arbitrary recursive directory deletion in Gleam's dependency management (versions 0.18.0-rc1 through 1.16.x) is triggered when a developer runs 'gleam deps download' against a project whose normally-gitignored build/packages/packages.toml has been seeded with path traversal sequences as package keys. The compiler-cli reads these keys without validation, constructs a filesystem path via paths.build_packages_package(), and passes it directly to fs::delete_directory (Rust's remove_dir_all), allowing sequences such as '../../' or absolute paths to escape the intended build/packages/ directory and destroy arbitrary directories on the victim's machine. No public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog; the fix commit and GitHub Security Advisory GHSA-jqvf-f6p2-wrv3 confirm the issue and its resolution.
Path traversal in Gleam's documentation build tooling allows arbitrary file read and write on a developer's workstation when gleam docs build is run against a malicious project. The documentation.pages[].source and documentation.pages[].path fields in gleam.toml accept unsanitized filesystem paths, enabling an attacker who controls gleam.toml content to exfiltrate local files (embedded into generated docs artifacts) or write generated files to arbitrary locations outside build/dev/docs/. Affected versions span only Gleam 1.16.x; no public exploit identified at time of analysis and no KEV listing, but the attack surface is any developer who clones and builds documentation for an untrusted Gleam project.
Arbitrary file write in Collibra Agent's restore handler allows remote unauthenticated attackers to drop files outside the intended extraction directory by submitting a crafted ZIP archive that abuses unsanitized path entries during extraction. The flaw affects multiple Collibra Platform SaaS and on-premises release trains and carries a CVSS 3.1 score of 7.5 (integrity-only impact). No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV, but a vendor patch is available.
Path traversal in Jupyter Server 2.17.0 allows authenticated users to read and write files in sibling directories outside the configured root, via a flawed startswith() boundary check in _get_os_path() combined with to_os_path() failing to strip '..' sequences. With CVSS 8.1 (high confidentiality and integrity impact) and a publicly available proof-of-concept disclosed through huntr, the issue is particularly dangerous in shared/multi-tenant hosting where multiple Jupyter instances share a parent directory. EPSS is currently low (0.05%), and there is no public exploit identified at time of analysis beyond the huntr POC reference.
Path traversal in VIVOTEK FD8136-VVTK firmware 0300a exposes the full device filesystem to authenticated low-privilege attackers via the /admin/downloadMedias.cgi endpoint. An attacker holding any valid credential can craft a request with directory traversal sequences to read arbitrary files - including configuration data, credentials, or private keys stored on the device. No confirmed active exploitation (not in CISA KEV), but a vulnerability research repository on GitHub exists for this CVE, and EPSS is very low at 0.02%, suggesting limited widespread attacker awareness at time of analysis.
Path traversal in Android's PackageInstallerService allows a local, unprivileged attacker to redirect a Device Policy Controller (DPC) installation into an unintended filesystem directory via a crafted install session, enabling local escalation of privilege on Android 14 through Android 16. No public exploit code has been identified at time of analysis, and EPSS at 0.01% (1st percentile) reflects minimal observed exploitation probability. The local attack vector (AV:L) constrains real-world exposure to scenarios where the attacker already has physical or application-level access to the device, materially limiting the attack surface compared to network-exploitable flaws.
Path traversal in Banana Slides through 0.4.0 allows unauthenticated remote attackers to read arbitrary image-format files outside the uploads directory via the generate_image() function in the AI service backend. The flaw stems from an incomplete prefix check using os.path.startswith() without a trailing separator, letting sibling directories whose names share the uploads folder prefix bypass containment. Publicly available exploit code exists (GitHub issue #429), and a vendor patch has been released in commit e8bc490.
Arbitrary file write in F5-TTS through 1.1.20 allows unauthenticated remote attackers to create directories and write attacker-controlled JSON anywhere the server process has write access by abusing unsanitized project_name parameters in the finetune Gradio interface. The flaw stems from passing user input directly to os.path.join() - supplying an absolute path bypasses the intended base directory entirely. Publicly available exploit code exists, and an upstream patch has been merged via PR #1294.
Path traversal in ishayoyo excel-mcp (all versions through 1.0.2) allows remote low-privileged attackers to read or write arbitrary files on the host system by manipulating the filePath or outputPath arguments passed to the read_file and write_file MCP tool handlers in src/index.ts. The CVSS 4.0 score is 2.1 (Low), but a publicly available proof-of-concept exploit exists via a GitHub issue disclosure, and no vendor patch has been released - the maintainer has not responded to the responsible disclosure report. No public exploit identified as confirmed actively exploited (CISA KEV) at time of analysis.
Broken share revocation in Nextcloud Forms versions 4.3.0 through 5.2.7 leaves former collaborators with persistent read access to uploaded respondent files after removal. The vulnerability stems from a two-layer share architecture where removing a collaborator deleted the Forms-layer share record but silently preserved the underlying Nextcloud Files-layer share on the uploaded files folder - meaning removed users retained filesystem-level access to sensitive form submission files. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV, but the low-complexity network vector (CVSS AV:N/AC:L/PR:N/UI:N) means a removed collaborator can exploit this passively without any additional action.
Path traversal in Nextcloud Server 31.x and 32.x allows authenticated non-admin users to copy arbitrary server-side files into their own Nextcloud storage directory when an administrator has configured the `{lang}` placeholder in the template directory config value. The root cause is insufficient sanitization of the `forceLanguage` HTTP request parameter and the `ACCEPT_LANGUAGE` header in `lib/private/L10N/Factory.php`, which were used unsanitized in filesystem path construction. No public exploit identified at time of analysis, though a HackerOne report (3468140) exists; CVSS scores this as Medium (4.4) due to high complexity and privilege preconditions, and impact is limited to confidentiality with no code execution possible.
Path traversal in Rocketgenius Gravity Forms (WordPress plugin) versions up to and including 2.10.0.1 enables remote attackers to perform arbitrary file deletion on the underlying server, as catalogued in the Patchstack advisory referenced by NVD. The CVSS 9.6 score reflects a scope-changing impact reachable over the network with low complexity and no authentication, though successful exploitation requires user interaction. No public exploit has been identified at time of analysis and the issue is not present in CISA KEV.
Path traversal in whatsapp-mcp 0.0.1 exposes arbitrary server files to authenticated adjacent-network attackers via the `mediaPath` argument of the Send API endpoint (`/api/send`). The `sendWhatsAppMessage` function in `whatsapp-bridge/main.go` passed the caller-supplied path directly to `os.ReadFile()` without sanitization, allowing traversal sequences to reference files outside any intended directory. A proof-of-concept exploit has been publicly disclosed (CVSS 4.0 E:P), though no active exploitation is confirmed and no CISA KEV listing exists. The overall CVSS 4.0 score of 2.0 reflects narrow real-world impact: adjacent-network exposure only, low confidentiality loss, and no integrity or availability impact.
Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Path traversal in the Classified Listing WordPress plugin (versions through 5.3.8) enables authenticated low-privileged users to download arbitrary files from the server filesystem. The vulnerability, reported by Patchstack as an arbitrary file download flaw, exposes full confidentiality impact (C:H) with no integrity or availability consequence, meaning attackers can exfiltrate sensitive server files - including wp-config.php, credentials, or private data - but cannot modify or destroy them. No active exploitation is confirmed and no public exploit code has been identified at time of analysis.