Path Traversal
Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation.
How It Works
Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation. Attackers inject special sequences like ../ (dot-dot-slash) to escape the intended directory and navigate to arbitrary locations in the file system. Each ../ sequence moves up one directory level, allowing an attacker to break out of a restricted folder and access sensitive files elsewhere on the server.
Attackers employ various encoding techniques to bypass basic filters. Simple URL encoding transforms ../ into %2e%2e%2f, while double encoding becomes %252e%252e%252f (encoding the percent sign itself). Other evasion methods include nested sequences like ....// (which become ../ after filter removal), null byte injection (%00 to truncate path validation), and OS-specific path separators (backslashes on Windows). Absolute paths like /etc/passwd may also work if the application doesn't enforce relative path constraints.
The typical attack flow begins with identifying input parameters that reference files—such as file=, path=, template=, or page=. The attacker then tests various traversal payloads to determine if path validation exists and what depth is needed to reach system files. Success means reading configuration files, credentials, source code, or even writing malicious files if the application allows file uploads or modifications.
Impact
- Credential exposure: Access to configuration files containing database passwords, API keys, and authentication tokens
- Source code disclosure: Reading application code reveals business logic, additional vulnerabilities, and hardcoded secrets
- System file access: Retrieving /etc/passwd, /etc/shadow, or Windows SAM files for credential cracking
- Configuration tampering: If write access exists, attackers modify settings or inject malicious code
- Remote code execution: Writing web shells or executable files to web-accessible directories enables full system compromise
Real-World Examples
ZendTo file sharing application (CVE-2025-34508) contained a path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. The flaw existed in file retrieval functionality where user input directly influenced file path construction without adequate validation, exposing sensitive configuration data and potentially system files.
Web application frameworks frequently suffer from path traversal in template rendering engines. When applications allow users to specify template names or include files, insufficient validation permits attackers to read source code from other application modules or framework configuration files, revealing database credentials and session secrets.
File download features in content management systems represent another common vector. Applications that serve user-requested files from disk often fail to restrict paths properly, enabling attackers to download backup files, logs containing sensitive data, or administrative scripts that weren't intended for public access.
Mitigation
- Avoid user input in file paths: Use indirect references like database IDs mapped to filenames on the server side
- Canonicalize and validate: Convert paths to absolute canonical form, then verify they remain within the allowed base directory
- Allowlist permitted files: Maintain an explicit list of accessible files rather than trying to blocklist malicious patterns
- Chroot jails or sandboxing: Restrict application file system access to specific directories at the OS level
- Strip dangerous sequences: Remove ../, ..\, and encoded variants, though this alone is insufficient
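As an added example (not code from this page or from any project it names), the "canonicalize and validate" step and the encoding bypasses described under How It Works, worked through in Python: a decode, canonicalise, then os.path.commonpath check sits beside the bare str.startswith prefix test that several entries below name as the root cause, and both run against a constructed directory tree. The directory names, file contents and probe strings are assumptions made for the demo; the symlink case assumes a POSIX host.

```python
import os
import tempfile
import urllib.parse
from typing import Dict, Optional, Tuple


def normalise_request_path(raw: str, max_decode_rounds: int = 3) -> str:
    """Fully decode a client-supplied path before inspecting it.

    Each round undoes one layer of percent-encoding, so %252e%252e%252f
    ends up as ../ like a singly encoded request; decoding stops once a
    round changes nothing. Backslashes become forward slashes.
    """
    decoded = raw
    for _ in range(max_decode_rounds):
        again = urllib.parse.unquote(decoded)
        if again == decoded:
            break
        decoded = again
    return decoded.replace("\\", "/")


def strip_traversal_once(path: str) -> str:
    """Blocklist filter that deletes '../' in a single pass.

    Included only to show why stripping alone is insufficient: the nested
    sequence '....//' collapses to '../' after one pass.
    """
    return path.replace("../", "")


def naive_prefix_check(base_dir: str, requested: str) -> bool:
    """The flawed containment check: str.startswith on the resolved path.

    A sibling directory sharing the prefix ('docs' versus 'docs_secret')
    passes, and so does anything reached through '..' or a symlink.
    """
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, requested))
    return candidate.startswith(base_real)


def resolve_within(base_dir: str, requested: str) -> Optional[str]:
    """Return the canonical path of `requested` inside `base_dir`, else None.

    Order matters: decode first, reject NUL bytes and absolute paths, then
    canonicalise with realpath (collapsing '..' and symlink hops), and only
    then compare. commonpath compares whole components, so 'docs_secret'
    is not mistaken for a child of 'docs'.
    """
    decoded = normalise_request_path(requested)
    if "\x00" in decoded or os.path.isabs(decoded):
        return None
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    try:
        contained = os.path.commonpath([base_real, candidate]) == base_real
    except ValueError:  # paths on different drives can never be contained
        contained = False
    return candidate if contained else None


def build_fixture() -> Tuple[str, str]:
    """Create a constructed directory tree for the demo; returns (root, docs).

        root/docs/public.txt                the only file meant to be served
        root/docs_secret/leak.txt           sibling directory sharing the prefix
        root/docs/escape -> ../docs_secret  symlink hop out of the base (POSIX)
    """
    root = tempfile.mkdtemp(prefix="traversal-demo-")
    docs = os.path.join(root, "docs")
    secret = os.path.join(root, "docs_secret")
    os.makedirs(docs)
    os.makedirs(secret)
    with open(os.path.join(docs, "public.txt"), "w") as fh:
        fh.write("served on purpose\n")
    with open(os.path.join(secret, "leak.txt"), "w") as fh:
        fh.write("never meant to leave the server\n")
    os.symlink(secret, os.path.join(docs, "escape"))
    return root, docs


def demo(docs: str) -> Dict[str, bool]:
    """Run the evasion variants from the text against resolve_within."""
    probes = [
        "public.txt",                               # legitimate request
        "../docs_secret/leak.txt",                  # plain dot-dot-slash
        "%2e%2e%2fdocs_secret/leak.txt",            # URL-encoded
        "%252e%252e%252fdocs_secret%252fleak.txt",  # double-encoded
        "..\\docs_secret\\leak.txt",                # Windows separators
        "public.txt%00.png",                        # NUL-byte truncation
        "/etc/passwd",                              # absolute path
        "escape/leak.txt",                          # symlink out of the base
    ]
    return {probe: resolve_within(docs, probe) is not None for probe in probes}


if __name__ == "__main__":
    _, docs_dir = build_fixture()
    for probe, allowed in demo(docs_dir).items():
        print("ALLOW" if allowed else "DENY ", probe)
    # The prefix test accepts both the sibling directory and the symlink escape.
    print("naive:", naive_prefix_check(docs_dir, "../docs_secret/leak.txt"),
          naive_prefix_check(docs_dir, "escape/leak.txt"))
```

Only the first probe is allowed by resolve_within, while naive_prefix_check accepts the sibling-directory and symlink probes, which is exactly the difference between the mitigation and the flaw.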
Recent CVEs (2260)
Arbitrary file write in compliance-trestle's `trestle author jinja` command allows a local user supplying a crafted `-o/--output` argument to write files anywhere the invoking user can write, due to missing validation of `../`, `..\`, and absolute paths. Affected versions are <= 3.12.1 and >= 4.0.0, < 4.0.3, with fixes in 3.12.2 and 4.0.3. No public exploit identified at time of analysis, though the GitHub Security Advisory (GHSA-4q5v-7g7x-j79w) includes a full reproducer; CVSS 8.4 reflects high impact on confidentiality, integrity, and availability.
Arbitrary file read in IBM's compliance-trestle Python library allows any file accessible to the running process to be extracted by supplying a malicious OSCAL profile YAML with path traversal sequences in the imports[].href field. Three confirmed attack vectors exist: via the trestle:// URI scheme, via relative href paths, and via back_matter rlinks - all exploiting the same root cause in LocalFetcher. Publicly available exploit code (PoC) exists demonstrating extraction of /etc/passwd, cloud credential files, and SSH private keys; no CISA KEV listing is confirmed at time of analysis.
Virtual machine escape in Canonical Multipass before 1.16.3 allows a root user inside a guest VM to read arbitrary files on the host filesystem by bypassing the host-side sshfs_server path containment. The flaw lives in the validate_path function (CWE-22 path traversal), which uses naive string prefix matching and accepts dot-dot sequences. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV, though the technical write-up in the GHSA advisory provides enough detail to make exploitation reproducible.
Path traversal in Apache Ignite 2.0.0 through 2.17.0 lets authenticated REST API users read arbitrary files on the server by abusing the 'cmd=log' command with a crafted log path parameter. The flaw allows any low-privileged API user to escape the intended log directory and access sensitive files such as configuration, credentials, or keystores, with no public exploit identified at time of analysis.
Arbitrary file read in KubeVirt's virt-exportserver component allows authenticated namespace users to exfiltrate sensitive files from the exporter pod via symlink-based path traversal in the VMExport directory endpoint. The flaw, reported by Red Hat and impacting Red Hat OpenShift Virtualization 4, carries a CVSS 7.7 score driven by scope change and high confidentiality impact, though no public exploit identified at time of analysis.
Arbitrary file deletion in the WP Contact Form 7 DB Handler WordPress plugin (versions up to and including 3.0) can be achieved by chaining CSRF, UNION-based SQL injection, and PHP object deserialization. A remote unauthenticated attacker who lures a logged-in administrator to a malicious page can delete arbitrary server files, including wp-config.php, which typically forces the site into a re-installation state and enables full site takeover. No public exploit identified at time of analysis, though Wordfence's detailed write-up effectively documents the exploit chain.
Local privilege escalation in Acer NitroSense software versions prior to 3.01.3052 allows any authenticated local user to delete arbitrary files with SYSTEM authority by abusing a weakly-ACL'd Named Pipe exposed by the PSAdminAgent service. No public exploit has been identified at time of analysis, but the issue was disclosed by Acer themselves and a patched version is available.
Arbitrary file write in the compliance-trestle Python library (versions 4.0.0-4.0.2 and any release below 3.12.2) lets an attacker who controls a referenced OSCAL artifact plant attacker-supplied content anywhere the trestle process can write. The HTTPSFetcher and SFTPFetcher cache layer builds the local cache file path directly from the URL path component, so when trestle imports a remote OSCAL profile whose href contains `../` traversal the fetched HTTP/SFTP response body escapes the .trestle cache directory; overwriting files such as /etc/cron.d entries, ~/.ssh/authorized_keys, or a module on sys.path turns the primitive into code execution. A reproducible public proof-of-concept exists in the GHSA advisory (GHSA-g3vg-vx23-3858); the flaw is not listed in CISA KEV and no CVSS or EPSS scoring is provided, but the maintainers have shipped fixes in 4.0.3 and 3.12.2.
Path traversal write in Microsoft UFO (build 3.0.1-4-ge2626659) lets an authenticated client smuggle directory-traversal sequences (e.g. ../) inside the user-controlled task_name value, which UFO concatenates directly into session log paths, causing it to create directories and write log files anywhere the process can reach outside the intended logs/ directory. The CVSS 8.1 (CWE-22) rating reflects high integrity and availability impact with no confidentiality loss, consistent with arbitrary file/directory creation rather than data theft. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the only available source is the vendor GitHub Security Advisory GHSA-whcg-fgpx-76f2.
Path traversal in AsyncSSH 2.22.0's AuthorizedKeysFile %u token expansion allows an unauthenticated remote attacker to bypass SSH public-key authentication by supplying a crafted username containing directory traversal sequences. Servers configured with per-user key patterns such as AuthorizedKeysFile authorized_keys/%u are vulnerable when an attacker can place or reference a readable authorized-keys-format file at a filesystem path reachable by traversal from the configured directory. Publicly available exploit code exists demonstrating successful authentication bypass; KEV status is not confirmed at time of analysis.
Information disclosure via path traversal in Gladinet Triofox lets remote unauthenticated attackers read arbitrary files on the server by sending crafted requests whose URL path begins with /woshome, which are handled by the WOSDefaultHttpModule.dll component. The CVSS 7.5 scoring (confidentiality-only impact) reflects unrestricted file read without code execution or service disruption. No public exploit has been identified at time of analysis, and the issue was reported by Tenable rather than appearing in CISA KEV.
Arbitrary file write in Mattermost Plugins (versions ≤1.1.5) lets an administrator of a remote, federated Mattermost server plant files at attacker-chosen paths inside the target server's filestore by supplying a malicious, unsanitized filename through the shared-channel attachment sync protocol. The flaw stems from CWE-22 path traversal in the export-path construction logic and carries CVSS 8.0 with a changed scope, reflecting that a compromised or hostile federation peer can affect resources beyond the plugin's intended boundary. There is no public exploit identified at time of analysis, and CISA's SSVC framework records exploitation status as 'none' but technical impact as 'total'.
Unauthorized file disclosure in Taipy 4.1.1 lets remote unauthenticated attackers read files outside an extension library's intended directory through the GUI ElementLibrary.get_resource() resource handler. The containment check used str.startswith() without a trailing separator, so a crafted request with traversal segments can resolve into a prefix-matching sibling directory on disk while still passing the flawed check. Impact is confined to confidentiality (file read), with no public exploit identified at time of analysis and no CISA KEV listing.
Arbitrary file read in Agent Zero before version 1.15 lets remote unauthenticated attackers retrieve files outside the agent workspace through the image-serving API (api/image_get.py), which validates only the file extension while the directory-containment check is commented out. Any file readable by the process and bearing an allowed image extension can be disclosed, and symlinks can be abused to reach non-image targets because the path is never canonicalized. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; EPSS data was not provided.
Path traversal in the asperahttpd HTTP component of IBM Aspera High-Speed Transfer Endpoint and Server (versions 3.7.4 through 4.4.7 Fix Pack 1) enables authenticated network users to read arbitrary files from the server's local filesystem beyond their authorized scope. The vulnerability is classified CWE-22 and carries a CVSS 6.5 medium score, reflecting high confidentiality impact with no integrity or availability exposure. No public exploit identified at time of analysis, and CISA's SSVC framework rates exploitation status as none with partial technical impact, suggesting limited immediate threat despite the sensitive nature of file read primitives in a file-transfer product.
Remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.1 lets unauthenticated network attackers run arbitrary code by abusing how the platform handles symbolic links while unpacking uploaded archives. Because extraction does not properly validate symlink targets, a crafted archive can write files outside the intended directory and ultimately achieve code execution on the host. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and is reachable without authentication or user interaction, though no public exploit identified at time of analysis.
Directory traversal in IBM InfoSphere Optim Test Data Fabrication (versions 1.0.0 through 1.0.2.7) lets a remote, unauthenticated attacker read arbitrary files from the host by sending a crafted URL containing '../' sequences. The flaw is purely an information-disclosure issue - confidentiality is impacted with no integrity or availability effect - and CVSS rates it 7.5 (High). There is no public exploit identified at time of analysis, and CISA's SSVC framework records exploitation status as none, though it flags the issue as automatable.
Path traversal in the WebinarIgnition WordPress plugin (Saleswonder Team: Tobias) affects all versions up to and including 4.08.253 and allows authenticated low-privilege users to manipulate file paths outside the intended plugin directory. The linked Patchstack advisory characterizes the concrete impact as arbitrary file deletion, which can corrupt the WordPress installation or enable further compromise. EPSS probability is very low (0.05%, 15th percentile) and there is no public exploit identified at time of analysis, despite the 9.9 CVSS score.
Path traversal in the QuickWebP WordPress plugin (versions up to and including 3.2.7) allows authenticated low-privilege users to manipulate file paths and delete arbitrary files on the server, per the Patchstack advisory titling this an arbitrary file deletion flaw. With a CVSS of 9.9 and a changed scope, deletion of sensitive files such as wp-config.php can cascade into full site compromise. There is no public exploit identified at time of analysis.
Path traversal in the VikBooking Hotel Booking Engine & PMS WordPress plugin (e4jvikwp) through version 1.8.9 allows remote unauthenticated attackers to delete arbitrary files on the host. The CVSS vector (A:H only, with C:N/I:N) and the Patchstack reference title both indicate the concrete impact is arbitrary file deletion rather than data disclosure, which can corrupt or take down the WordPress site. No public exploit has been identified and the EPSS score is very low (0.05%, 15th percentile), indicating this is not yet being broadly exploited despite the high 8.6 CVSS rating.
Path traversal in BOSH Director allows a compromised BOSH agent to cause the Director to read and delete arbitrary files outside the blobstore root on the Director host filesystem. When the Director processes long-running operations such as compile_package and is configured with the local blobstore provider, agent-supplied blob IDs in the reply JSON are passed unmodified into filesystem path construction, enabling traversal strings like '../../jobs/director/config/director.yml' to resolve to sensitive files. No public exploit exists and no active exploitation has been identified; the CVSS 4.0 score of 4.3 reflects the significant prerequisite barriers including high privilege requirements and a specific non-default configuration.
Arbitrary file creation outside the intended temporary directory affects the tmp npm package in all versions prior to 0.2.6, where attacker-controlled data flowing into the prefix, postfix, or dir options can break out of the temp base path. Because the library composes paths with path.join() and never validates that the result stays within the configured tmpDir, traversal sequences (../) or absolute paths let a caller write files to arbitrary locations with the process's privileges. Publicly available exploit code exists in the GitHub advisory (GHSA-ph9p-34f9-6g65); there is no evidence of active exploitation (not in CISA KEV) and no EPSS score was provided.
Server-side request forgery in GitHub Enterprise Server lets an unauthenticated attacker coerce the appliance into issuing crafted requests to internal services, reachable through an upload endpoint that fails to validate input. By injecting path-traversal content into request parameters, an attacker can redirect internal API calls to reach back-end services and harvest sensitive credentials. No public exploit identified at time of analysis; the issue was reported through the GitHub Bug Bounty program and carries a CVSS 4.0 base score of 9.2 (Critical), though the vector flags high attack complexity and an extra attack requirement that temper real-world ease of exploitation.
Directory traversal in Northern.tech Mender Server allows a remote authenticated attacker to read files outside intended directory boundaries, resulting in limited confidentiality exposure. Affected versions include v4.1.0, v4.0.1, and all prior releases; patched versions v4.1.1 and v4.0.2 are available. No public exploit code and no active exploitation have been identified at time of analysis, and the low CVSS score of 3.1 reflects constrained real-world impact.
Pre-authentication path traversal in Kirby CMS versions 5.3.0 through 5.4.0 lets remote attackers manipulate the user ID used during account lookup to escape the site/accounts directory, enabling inclusion of arbitrary PHP files named index.php (such as plugin entrypoints) and probing for the existence of arbitrary server directories. The flaw is reachable through the unauthenticated authentication API and affects all Kirby sites on these versions regardless of configuration. The vendor rates it high (CVSS 8.8); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Files or Directories Accessible to External Parties and Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated to ensure that it points to user-owned files or addresses. This lets a user with CR create permissions read files from the operator pod's filesystem, pull content from any backing store reachable through Flink's pluggable filesystem layer, and access them through the submitted Flink job. Furthermore, for fetching from http/https addresses there is currently no allowlist on the URI scheme, no host check, no IP-range restriction, and no protection against pointing the URI at internal or link-local addresses. This issue affects Apache Flink Kubernetes Operator from 1.3.0 before 1.15.0. Users are recommended to upgrade to version 1.15.0, which fixes the issue.
The Kenik Camera management panel is vulnerable to path traversal. An unauthenticated attacker can send a GET request with an arbitrary file path and read the corresponding files located on the server. The issue was fixed in version 2026-04-23 for the KG-5260xxxx-IL-(G)2 cameras; the rest of the products were fixed in version 2025-04-21.
NitroSense 3.x before 3.01.3052 contains a Local Privilege Escalation (LPE) vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.
Path traversal in NousResearch hermes-agent through version 2026.4.16 allows remote unauthenticated attackers to bypass path restrictions and modify or disrupt file operations via the read_file tool. The flaw exists in the _is_blocked_device function within tools/file_tools.py. Public exploit code is available (EPSS data not provided, but exploit confirmed). Vendor was notified but did not respond, suggesting no official patch exists at time of analysis.
Path traversal in Ubiquiti UniFi OS devices allows authenticated low-privileged network attackers to read arbitrary files on the underlying device filesystem, enabling disclosure of sensitive information such as configuration data, credentials, or cryptographic material. The flaw (CVSS 7.7, scope-changed) affects a broad fleet of UniFi gateways, cloud keys, NVRs, and NAS appliances. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlying system, which can then be leveraged to take over an underlying account. The flaw carries a maximum CVSS 10.0 score reflecting unauthenticated network exploitation with scope change and full confidentiality, integrity, and availability impact across a broad fleet of UniFi gateways, cameras, NVRs, and NAS appliances. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Directory traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter.
Directory traversal in Follett Software's Destiny Library Manager 22_0_2_rc1, fixed in v.22.5 AU1, allows remote attackers to read arbitrary system and application files via the image parameter.
Arbitrary file write on the host in Boxlite sandbox service versions prior to 0.9.0 allows attackers to escape the OCI image extraction root via crafted symlink entries in layer tarballs, enabling remote code execution on the host (typically as root). Exploitation requires a user to pull and load a malicious OCI image distributed through registries such as DockerHub. Publicly available exploit code exists (vendor-published PoC); no public exploit identified in CISA KEV at time of analysis.
Path traversal in the Rust crate onenote_parser (versions before 1.1.1) enables an attacker who supplies a malicious `.onetoc2` notebook table-of-contents file to direct `Parser::parse_notebook` to open arbitrary files on the host filesystem outside the intended notebook directory. While direct content exfiltration is constrained by the parser aborting when a target file fails to parse as a OneNote section, file-existence probing and denial-of-service via large or special files (e.g., named pipes, device nodes) remain viable attack outcomes. No public exploit has been identified and no confirmed active exploitation exists; vendor-released patch version 1.1.1, published 2026-05-15, resolves the issue.
Authenticated remote code execution in Concrete CMS 9.5.0 and earlier allows an administrator with composer form editing privileges to chain a path traversal flaw in the ptComposerFormLayoutSetControlCustomTemplate field with the platform's permissive file uploader to execute arbitrary PHP on the server. The vendor scored this 9.4 (CVSS v4.0) reflecting high confidentiality, integrity, and availability impact across both the vulnerable component and downstream subsequent systems. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Path traversal in Mobile Verification Toolkit (MVT) pip/mvt versions through 2026.4.28 allows an adversary who delivers a crafted iOS backup to trigger arbitrary file writes or reads on the analyst's filesystem by embedding directory traversal sequences in fileID values within the backup's Manifest.db SQLite database. The decrypt-backup command can write attacker-controlled content to arbitrary writable paths - enabling shell profile modification or SSH key injection for code execution - while check-backup can read arbitrary host files into MVT's JSON and CSV forensic output. No public exploit has been identified at time of analysis; vendor-released patch v2026.5.12 is available.
Directory traversal in Trend Micro Apex One on-premise server (versions before 14.0.0.17079) enables a highly privileged local attacker to manipulate a key server table and inject malicious code that propagates to all managed endpoint agents, effectively weaponizing the EDR platform's own distribution infrastructure. The attack requires an adversary who has already obtained administrative credentials to the Apex One server through a separate compromise vector. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but the changed scope (S:C) in the CVSS vector signals that a successful exploit extends impact beyond the server itself to the entire managed agent fleet.
Remote code execution in the Trend Micro Apex One management console allows attackers with console access to upload malicious files via a path traversal flaw (CWE-22) and execute arbitrary commands on the server. The on-premises product (versions before 14.0.0.14136) is affected, while SaaS deployments have already been remediated by the vendor. No public exploit identified at time of analysis; the issue was responsibly disclosed through the Zero Day Initiative (ZDI-26-137).
Remote code execution in Trend Micro Apex One management console allows attackers with network access to the console to upload malicious files via a path traversal flaw (CWE-22) and execute arbitrary commands on affected installations. The on-premises Apex One 2019 (14.0) prior to 14.0.0.14136 is impacted, while the SaaS variant (below 14.0.20315) has already been mitigated by the vendor; no public exploit identified at time of analysis, though it was reported through the Zero Day Initiative.
Privilege escalation via path traversal in Mattermost collaboration platform allows authenticated users to invoke arbitrary internal APIs using the system administrator's auth token by manipulating integration action URLs. Affected branches include 11.6.x, 11.5.x, 11.4.x, and 10.11.x, with no public exploit identified at time of analysis. CVSS 8.0 reflects high impact across confidentiality, integrity, and availability despite high attack complexity and required user interaction.
Path traversal via extended attribute (ea) handling in Netatalk 2.1.0 through 4.4.2 allows authenticated remote attackers to access or modify files outside intended directories on AFP file shares. The flaw stems from incomplete input sanitization on the ea code path and is resolved in 4.4.3. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Path traversal in Frappe Learning Management System (LMS) versions 2.50.0 and below allows authenticated users with course-editing privileges to write arbitrary files outside the intended upload directory by uploading a maliciously crafted SCORM ZIP package. The CVSS 4.0 base score of 9.4 reflects high impact across confidentiality, integrity, and availability with scope change to subsequent systems, though exploitation requires low-privileged authentication. No public exploit identified at time of analysis.
Arbitrary file read in the Frappe full-stack web application framework allows remote unauthenticated attackers to retrieve files outside intended directories via path traversal sequences in affected versions prior to 15.105.0 and 16.15.0. The CVSS 4.0 base score of 8.7 reflects high confidentiality impact with no required privileges or user interaction, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV. Successful exploitation discloses sensitive server-side files such as configuration secrets, site keys, or credentials used by downstream ERPNext deployments.
Path traversal in XWiki Platform allows unauthenticated remote attackers to read arbitrary files on the server, including sensitive configuration like WEB-INF/xwiki.cfg, by abusing the resource parameter of the ssx and jsx endpoints with leading-slash prefixes. The CVSS 4.0 base score of 9.3 reflects network-reachable, no-privilege exploitation with high impact to confidentiality, integrity, and availability of the vulnerable component. No public exploit identified at time of analysis, though the GitHub Security Advisory includes a working URL pattern that effectively demonstrates the issue.
Arbitrary file read in Altium Enterprise Server on-premise deployments allows any authenticated low-privilege user to escape the configured storage root via URL-encoded absolute paths in the Viewer StorageController API, exposing the master configuration containing database credentials, signing keys, certificate passwords, and OAuth secrets. The CVSS 4.0 base score of 9.4 reflects scope change to confidential information enabling full server takeover; no public exploit identified at time of analysis, but the vendor (Altium) has released a fix and cloud-hosted tenants are unaffected because they do not use the local filesystem storage component.
Arbitrary file write in Altium Enterprise Server ComparisonService allows authenticated workspace users to escape the temporary upload directory and plant files anywhere on the host filesystem via crafted multipart Content-Disposition headers in the Gerber upload APIs. The flaw (CVSS 4.0 score 9.4, CWE-22) escalates to remote code execution by dropping payloads into web-accessible paths or overwriting service binaries, and a vendor patch is available. No public exploit identified at time of analysis.
Path traversal in NVIDIA BioNeMo Core for Linux allows remote attackers to escape intended directory boundaries when a user is induced to load a malicious file, enabling code execution, information disclosure, data tampering, or denial of service. The flaw carries a high CVSS score of 8.8 driven by network reachability and full CIA impact, though exploitation requires user interaction; no public exploit identified at time of analysis.
Denial of service in NVIDIA Triton Inference Server can be triggered remotely without authentication via a path traversal flaw (CWE-22), enabling unauthenticated network attackers to disrupt model-serving availability. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, and no public exploit has been identified at time of analysis.
Path traversal exploitation in NVIDIA Triton Inference Server enables unauthenticated remote attackers to cause denial of service by submitting crafted requests containing malicious path components. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms zero authentication or user interaction is required, making this broadly reachable from the network with low attack complexity. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis; however, the no-prerequisite attack profile warrants patching per NVIDIA's advisory at nvidia.custhelp.com.
{attachmentId}/upload-modified-file to stage a file, then GET from /api/attachments/{attachmentId}/download to retrieve its contents - effectively turns the attachment system into an unauthenticated file disclosure proxy once the initial write is performed. The CVSS Changed scope (S:C) reflects that exposed materials such as SSH keys, database credentials, and application configs can cascade into compromise of co-hosted services well beyond Trilium itself. No public exploit or CISA KEV listing has been identified at time of analysis.
Path traversal in pymdownx.snippets versions 10.0.1 through 10.21.2 allows unauthenticated remote attackers to read arbitrary files from sibling directories outside the configured base_path, bypassing the restrict_base_path protection intended by CVE-2023-32309. The bypass exploits a string-prefix comparison introduced in PR #2039 that lacks directory-boundary enforcement, enabling a crafted snippet directive like '--8<-- "../docs_secret/leak.txt"' to escape the configured base directory when sibling paths share the same string prefix. Publicly available exploit code (proof-of-concept) exists in the GitHub Security Advisory; the vulnerability is not confirmed actively exploited in the CISA KEV catalog at time of analysis.
Unauthenticated path traversal in AVideo's `view/img/image404Raw.php` allows any remote attacker to read arbitrary image files accessible to the PHP process, bypassing all application-layer ACLs that normally gate private user photos, admin thumbnails, and encrypted-video poster frames. The vulnerability affects all versions through the current master branch (commit 0dbadbcaaa1b415c7db078a72dc4b26d9fac0485) and all releases up to and including 29.0 (pkg:composer/wwbn_avideo). No vendor-released patch is currently available, and a working proof-of-concept is publicly disclosed in GHSA-w4qq-74h6-58wq, making this immediately actionable by any unauthenticated attacker with HTTP access to the deployment.
Arbitrary file write via path traversal in Mailpit's `dump --http` subcommand (versions < 1.30.0) allows any HTTP server impersonating a Mailpit instance to write attacker-controlled bytes to arbitrary paths outside the intended output directory. The attacker controls both the file path (via the message ID field in the JSON response) and the file contents (via the raw message body endpoint), enabling writes anywhere the dumping user has write permission - including cron jobs, shell startup files, and CI artifact directories. Publicly available exploit code exists (Python PoC published in GHSA-qx5x-85p8-vg4j); no confirmed active exploitation at time of analysis.
Path traversal in OpenZiti zrok allows a malicious WebDAV/zrok share operator to write files outside the victim's selected destination directory when the victim runs 'zrok2 copy' against the attacker-controlled share. Affected versions include zrok v2 prior to 2.0.3 and the legacy zrok 0.4.23 through 1.1.11 (no fix released for the legacy line). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Path traversal in go-git allows crafted repository payloads to write files outside the intended checkout directory, including into the repository's .git directory and parent paths. The vulnerability stems from go-git failing to implement path validation checks that upstream Git adopted years ago, creating a drift-induced security gap across all supported platforms, with additional platform-specific attack vectors affecting Windows and macOS users distinctly. CVSS scores this at 5.4 (Medium) with no public exploit identified at time of analysis and no CISA KEV listing, but the real-world risk is elevated in automated pipelines or developer tooling that processes untrusted repositories without human review.
Server-side request forgery in the zrok Python SDK's ProxyShare component (versions 0.4.47 through 1.1.11) allows remote unauthenticated users to redirect proxied requests to arbitrary hosts by submitting absolute URLs in the request path. Because the Flask handler concatenates user input with the configured target via urllib.parse.urljoin, an attacker (Bob) can replace the share owner's (Alice's) intended target with any host including internal cloud metadata endpoints, and the response is returned to the attacker. No public exploit identified at time of analysis, though the GitHub Security Advisory GHSA-jh67-hwqw-m5r7 documents the technique in detail.
Path traversal in the TYPO3 'Faceted Search' extension's file indexer exposes arbitrary server filesystem content to high-privileged backend users. Because the indexer does not normalize or canonicalize the configured directory path before use, a backend user holding the specific permission to edit indexer configurations can supply path traversal sequences to redirect indexing at sensitive locations outside the intended document root. The CVSS 4.0 score of 5.9 (Medium) reflects high confidentiality impact (VC:H) constrained by the requirement for high privileges (PR:H). No public exploit or CISA KEV listing exists at time of analysis.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
An issue in gohttp commit 34ea51 allows attackers to perform directory traversal by supplying a crafted request.
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and bypass of authentication.
Log-volume denial of service in NiceGUI's dynamic static-asset routes allows remote unauthenticated attackers to flood server logs and exhaust disk or log-pipeline capacity. The two affected routes - the per-component resource route (introduced in v1.4.6) and the ESM module route (introduced in v3.0.0) - fail to distinguish directories from files before passing user-controlled paths to Starlette's FileResponse, triggering an unhandled RuntimeError that Uvicorn logs as a full multi-frame traceback (~100 lines per request). Versions up to and including 3.11.1 are affected; the fix is available in 3.12.0. No public exploit or CISA KEV listing has been identified at time of analysis. IMPORTANT: The provided tags (RCE, Path Traversal, Information Disclosure) are directly contradicted by the advisory, which explicitly states there is no remote code execution, no path traversal, and no data exposure - these tags should be treated as erroneous metadata.
Path traversal in Claude HUD through version 0.0.12 permits local low-privileged attackers to read arbitrary files by supplying a crafted `transcript_path` value via stdin JSON, bypassing all path validation. Beyond direct file read access, the application writes file metadata - including the accessed paths - to a persistent cache file with insufficiently restrictive permissions, leaving a forensic record readable by other local users that survives process termination. No public exploit code has been identified at time of analysis; CVSS 4.0 scores this 4.8 (Medium) reflecting local-only reach, and a vendor patch is available at commit 234d9aa.
Authenticated arbitrary file read in WWBN/AVideo's view/update.php exposes any text file readable by the web-server process to admin-level users via path traversal. The $_POST['updateFile'] parameter is concatenated directly into a filesystem path under updatedb/ without sanitization, allowing an authenticated administrator to supply sequences like '../../../../etc/passwd' and have PHP's file() function return the contents line-by-line in the migration-runner HTML response. A proof-of-concept exploit is publicly documented in GitHub Security Advisory GHSA-3mjv-375j-6h92; no patched release has been issued for any version through 29.0 as of analysis time, and the issue is not listed in CISA KEV as actively exploited at time of analysis.
Path traversal in steipete/summarize prior to 0.15.1 lets authenticated callers of the /v1/summarize daemon endpoint write slide_*.png and slides.json files to arbitrary directories by supplying an absolute path or traversal sequences in the slidesDir parameter, and subsequently delete matching files via repeat extraction. The flaw, reported by VulnCheck and patched in v0.15.2, enables file write and limited destructive impact across the filesystem; no public exploit identified at time of analysis.
Arbitrary file deletion in DumbAssets through 1.0.11 lets unauthenticated remote attackers destroy any file the Node.js process can write to by submitting `../` sequences in the `filesToDelete` array of the `POST /api/delete-file` endpoint. Because authentication on the application is optional and disabled by default, exposed instances can be rendered completely non-functional by deleting critical files such as `server.js` or `package.json`. No public exploit identified at time of analysis, and the CVE is not currently on the CISA KEV list.
Arbitrary directory deletion in CloakBrowser's cloakserve CDP multiplexer (pip package cloakbrowser <= 0.3.27) allows remote unauthenticated attackers to traverse out of the configured data_dir via a crafted fingerprint query parameter, causing shutil.rmtree() to delete directories owned by the service user. The default 0.0.0.0 bind exposes the service to any reachable network, amplifying impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Prototype pollution in the npm package parse-nested-form-data version 1.0.0 and earlier allows unauthenticated remote clients to mutate Object.prototype of the running Node.js process by submitting a FormData field whose name contains __proto__ in bracket or dot notation. The flaw resides in handlePathPart in src/index.ts, which walks nested path segments without filtering reserved keys, so a single crafted field name pollutes the prototype chain of every plain object in the process. No public exploit identified at time of analysis, but a working proof-of-concept is published in the GHSA advisory itself.
{id}/volumes/{volumeName}/browse`. The path sanitizer at `volume_service.go:1448-1467` blocks only `../` traversal and passes shell substitution sequences through unchanged; `strconv.Quote` wraps the path in Go-style double quotes, which POSIX `sh` still interprets as a command-substitutable string, causing the injected command to execute and its output to be reflected in the HTTP 500 error body. No vendor-released patch exists at time of analysis; publicly available exploit code is embedded in the GHSA advisory (GHSA-9mvm-4gwg-v8mp) and no confirmed active exploitation (CISA KEV) has been reported.
Path traversal in Dify versions 0 through 1.14.1 allows authenticated tenants to escape their authorized tenant path and reach the Plugin Daemon's internal REST API, including debug interfaces, by smuggling unencoded dot sequences through task identifiers or filename parameters. Because Dify Cloud permits unauthenticated free self-registration, the authentication barrier collapses to trivial account creation, and publicly available exploit code exists; the attacker only needs the victim tenant's UUID to pivot. CVSS 4.0 is rated 9.2 with high confidentiality and integrity impact.
SGLang's multimodal generation runtime contains an unauthenticated path traversal vulnerability that allows an attacker to write arbitrary files anywhere the server process has write access by including ../ sequences in the upload filename sent to specific endpoints.
Path traversal in opensourcepos Open Source Point of Sale versions 3.4.0 through 3.4.2 allows authenticated remote attackers to read arbitrary image files outside the intended directory via manipulated pic_filename parameters in the getPicThumb controller function. The vulnerability has CVSS 5.3 (Medium) with low attack complexity requiring only low-privilege authentication. Vendor-released patch available via GitHub commit def0c27a0e252668df8d942fc31e16d1edfd7323. No public exploit or active exploitation confirmed at time of analysis, though the fix is publicly documented with code diff showing the vulnerable parameter handling.
The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks.
Unauthenticated path traversal in HSC MailInspector 5.3.3-7 allows remote attackers to read arbitrary files from the underlying operating system by manipulating the 'text' parameter of the /tap/dw.php endpoint. Public exploit details are disclosed on GitHub (sql3t0/cve-disclosures), though EPSS probability remains low (0.05%) and the issue is not currently listed in CISA KEV. The flaw enables disclosure of sensitive system files such as configuration files, credentials, and mail-related data without prior authentication.
Arbitrary file disclosure in HSC MailInspector v5.3.3-7 allows unauthenticated remote attackers to read sensitive files from the host via a path traversal flaw in the exposed /vendor/phpunit/phpunit.php endpoint. The CVSS 7.5 rating reflects high confidentiality impact with no required privileges or user interaction, though EPSS remains very low at 0.05% (15th percentile) and there is no public exploit identified at time of analysis. The exposure of a PHPUnit development artifact in a production path mirrors a long-standing class of PHP supply-chain misconfigurations.
Path traversal in Continue 1.2.22 and earlier allows local authenticated attackers to read arbitrary files on the host system via crafted dirPath parameters to the lsTool function in the JSON-RPC server. The vulnerability has a publicly available exploit (GitHub Gist) but CVSS base score of 3.3 (Low) reflects limited impact due to local access requirement, low privilege requirement, and confidentiality-only impact with no integrity or availability consequences. EPSS data unavailable; not listed in CISA KEV, indicating no confirmed widespread exploitation.
Path traversal in Kilo-Org kilocode's File Diff API Endpoint allows authenticated remote attackers to read arbitrary files outside intended directories. Affecting versions up to 7.0.47, the vulnerability exploits insufficient validation of file path arguments in the Bun.file function within the worktree-diff component. Public exploit code exists (EPSS probability and KEV status not provided), and the vendor has not responded to disclosure attempts, leaving users without vendor-confirmed remediation guidance.
Path traversal in fishaudio Bert-VITS2's Gradio web interface allows remote unauthenticated attackers to read or write arbitrary files on the server filesystem via the generate_config function's data_dir parameter. Public exploit code exists (disclosed via VulDB and GitHub Gist). EPSS data unavailable; CVSS 5.5 (Medium) but CVSS 4.0 vector shows network-accessible, no authentication required (AV:N/PR:N), making this readily exploitable against any internet-exposed instance. Vendor non-responsive to early disclosure attempt, indicating no official patch available.
Path traversal in fishaudio Bert-VITS2's hiyoriUI.py allows unauthenticated remote attackers to access arbitrary files outside the intended model directory via the _get_all_models function. Public exploit code exists (GitHub Gist). The project uses rolling releases with no versioned patches, and the vendor has not responded to disclosure attempts. EPSS data unavailable; not listed in CISA KEV, suggesting limited real-world exploitation despite public POC.
Path traversal in adenhq Hive versions up to 0.11.0 allows unauthenticated remote attackers to read arbitrary files via the _read_events_tail function in the Delete Request Handler. This network-accessible vulnerability requires no user interaction and has a publicly available proof-of-concept exploit. The vendor has not responded to disclosure attempts, leaving users without an official patch. EPSS data unavailable; CVSS 5.5 reflects limited confidentiality/integrity impact but ease of exploitation warrants prioritization for internet-facing deployments.
Path traversal in AstrBot dashboard file upload allows authenticated remote attackers to write files outside intended directories via manipulated filenames. Affected versions through 4.23.5 fail to sanitize user-supplied filenames in the post_file function, enabling directory traversal sequences (../ or ..\) to bypass access controls. Publicly available exploit code exists (GitHub Gist by YLChen-007). The vendor-released patch in version 4.23.6 implements filename sanitization using PurePosixPath normalization and path validation to prevent traversal. The CVE is assigned CVSS 6.3 (Medium), with low-privilege remote exploitation confirmed. No CISA KEV listing indicates exploitation remains targeted rather than widespread.
Path traversal in Oinone Pamirs versions up to 7.2.0 allows authenticated local attackers with physical device access to read, write, or delete arbitrary files via a manipulated uniqueFileName parameter in the LocalFileClient.java RestController endpoint. Publicly available exploit code exists (GitHub POC published). Despite the low CVSS 4.0 score (0.9), the physical access requirement and low attack complexity make this exploitable in scenarios where attackers have direct device access or console privileges. EPSS data is not available for this CVE. The vendor was unresponsive to disclosure.
File overwrite and information disclosure in Crypt::DSA through version 1.19 for Perl expose systems where user-controlled input reaches the library's key handling routines. The root cause is use of Perl's 2-argument open() form in lib/Crypt/DSA/Key.pm, which interprets leading or trailing special characters in filenames as I/O mode specifiers, enabling reads from or writes to arbitrary files. CVSS rates this AV:N/AC:L/PR:N/UI:N (Medium, 6.5), though actual exposure depends on application-level code paths; EPSS is 0.01% and this CVE is not in CISA KEV, indicating no public exploit identified at time of analysis.
Arbitrary directory deletion in phpMyFAQ before 4.1.2 allows authenticated admins with the INSTANCE_DELETE permission to recursively delete directories outside the multisite clientFolder by submitting path traversal sequences in the client URL parameter. The flaw stems from Client::deleteClientFolder() stripping only the https:// scheme without canonicalizing or validating ../ segments before passing the path to Filesystem::deleteDirectory(). Publicly available exploit code exists (VulnCheck advisory and GHSA write-up include a PoC), though EPSS remains low at 0.04% and the issue is not listed in CISA KEV.
Path traversal in SimpleSAMLphp's CAS server module allows unauthenticated remote attackers to read and deserialize arbitrary files outside the ticket directory via crafted ticket parameters. When using FileSystemTicketStore, attackers can inject '../' sequences into CAS validation endpoints to escape the configured directory, potentially deleting files that contain serialized PHP data compatible with array types. The vulnerability has a CVSS score of 8.6 with no public exploits identified at time of analysis.
{filename:path} endpoint fails to validate paths containing %2F-encoded directory separators, bypassing Starlette's URL normalization. Fixed in version 1.2.0 with no public exploit identified at time of analysis.
Path traversal vulnerability in Joplin's OneNote importer (versions 3.2.2 through 3.5.6) allows local attackers with authenticated access to overwrite arbitrary files on disk by importing malicious .one files containing directory traversal sequences in embedded file names. The vulnerability can lead to remote code execution by overwriting system files like .bashrc. Publicly available exploit code exists, with vendor-released patch available in version 3.5.7.
Archive extraction boundary failure in Microsoft APM's legacy-bundle probe allows local attackers to overwrite arbitrary files on Windows systems running Python 3.10 or 3.11. When users run 'apm install' on a malicious .tar.gz file, untrusted tar members bypass path validation, enabling absolute path writes (e.g., D:/...) that compromise system integrity. Fixed in version 0.13.0. No active exploitation confirmed at time of analysis, but the local attack vector with user interaction required (CVSS AV:L/UI:R) limits real-world risk to social engineering scenarios targeting AI agent developers on Windows platforms.
Path traversal in DHTMLX PDF Export Module (used by Gantt and Scheduler) allows remote unauthenticated attackers to read arbitrary local files from the server and embed them in generated PDFs. The vulnerability stems from insufficient HTML sanitization in the module's PDF generation process. CERT-PL reported this issue, and DHTMLX released version 0.7.6 to address it. No active exploitation confirmed by CISA KEV, but the low attack complexity and network attack vector make this a priority for organizations using affected Gantt or Scheduler deployments.
Quick Facts
- Typical Severity: HIGH
- Category: web
- Total CVEs: 2260