Skip to main content

Path Traversal

web HIGH

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation.

How It Works

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation. Attackers inject special sequences like ../ (dot-dot-slash) to escape the intended directory and navigate to arbitrary locations in the file system. Each ../ sequence moves up one directory level, allowing an attacker to break out of a restricted folder and access sensitive files elsewhere on the server.

Attackers employ various encoding techniques to bypass basic filters. Simple URL encoding transforms ../ into %2e%2e%2f, while double encoding becomes %252e%252e%252f (encoding the percent sign itself). Other evasion methods include nested sequences like ....// (which become ../ after filter removal), null byte injection (%00 to truncate path validation), and OS-specific path separators (backslashes on Windows). Absolute paths like /etc/passwd may also work if the application doesn't enforce relative path constraints.

The typical attack flow begins with identifying input parameters that reference files—such as file=, path=, template=, or page=. The attacker then tests various traversal payloads to determine if path validation exists and what depth is needed to reach system files. Success means reading configuration files, credentials, source code, or even writing malicious files if the application allows file uploads or modifications.

Impact

  • Credential exposure: Access to configuration files containing database passwords, API keys, and authentication tokens
  • Source code disclosure: Reading application code reveals business logic, additional vulnerabilities, and hardcoded secrets
  • System file access: Retrieving /etc/passwd, /etc/shadow, or Windows SAM files for credential cracking
  • Configuration tampering: If write access exists, attackers modify settings or inject malicious code
  • Remote code execution: Writing web shells or executable files to web-accessible directories enables full system compromise

Real-World Examples

ZendTo file sharing application (CVE-2025-34508) contained a path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. The flaw existed in file retrieval functionality where user input directly influenced file path construction without adequate validation, exposing sensitive configuration data and potentially system files.

Web application frameworks frequently suffer from path traversal in template rendering engines. When applications allow users to specify template names or include files, insufficient validation permits attackers to read source code from other application modules or framework configuration files, revealing database credentials and session secrets.

File download features in content management systems represent another common vector. Applications that serve user-requested files from disk often fail to restrict paths properly, enabling attackers to download backup files, logs containing sensitive data, or administrative scripts that weren't intended for public access.

Mitigation

  • Avoid user input in file paths: Use indirect references like database IDs mapped to filenames on the server side
  • Canonicalize and validate: Convert paths to absolute canonical form, then verify they remain within the allowed base directory
  • Allowlist permitted files: Maintain an explicit list of accessible files rather than trying to blocklist malicious patterns
  • Chroot jails or sandboxing: Restrict application file system access to specific directories at the OS level
  • Strip dangerous sequences: Remove ../, ..\\, and encoded variants, though this alone is insufficient

Recent CVEs (7729)

EPSS 0% CVSS 6.5
MEDIUM This Month

Flare versions before 1.7.3 contain a path traversal vulnerability in the avatar endpoint that allows authenticated users to read arbitrary files from the application container by exploiting unsanitized filename parameters. Any user with login access, including self-registered accounts on instances with open registration enabled (default configuration), can enumerate and retrieve sensitive files accessible to the Node.js process. The vulnerability requires authentication but poses a significant confidentiality risk on publicly accessible Flare instances without registration restrictions.

Path Traversal Flare Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 2.3
LOW PATCH Monitor

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 versions up to 14.14.0 is affected by path traversal.

Node.js Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Apache PDFBox versions 2.0.24-2.0.35 and 3.0.0-3.0.6 contain a path traversal vulnerability in the ExtractEmbeddedFiles example that allows attackers to write files outside the intended extraction directory by manipulating embedded file names. Organizations that have integrated this example code into production systems are at risk of unauthorized file writes on the host system. No patch is currently available, requiring developers to manually implement path validation to ensure extracted files remain within the designated directory.

Apache Path Traversal Pdfbox +2
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port. [CVSS 5.8 MEDIUM]

Fortinet Path Traversal
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

The Events Calendar (WordPress plugin) versions up to 6.15.17 is affected by path traversal (CVSS 7.5).

WordPress Path Traversal
NVD
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

SiYuan prior to 3.5.10 has a path traversal vulnerability enabling arbitrary file access through crafted API requests.

RCE Path Traversal Siyuan +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

node-tar is a full-featured Tar for Node.js.

Node.js Path Traversal Tar +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Imagemagick versions up to 7.1.2-16 is affected by improper link resolution before file access (CVSS 6.3).

Path Traversal Imagemagick Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem.

Path Traversal Camaleon Cms
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

Path traversal in Budibase low-code platform 3.31.5 and earlier allows attackers to read arbitrary files through the application builder.

Path Traversal Budibase
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 7.5 HIGH]

Path Traversal Sunbirded Portal
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions up to 26.3.0 is affected by path traversal.

Path Traversal Actual
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise. [CVSS 8.8 HIGH]

Path Traversal Universal Bacnet Router Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the system. [CVSS 8.8 HIGH]

Path Traversal Universal Bacnet Router Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. [CVSS 6.5 MEDIUM]

Path Traversal Information Disclosure Universal Bacnet Router Firmware
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

DoraCMS 3.0.x contains a path traversal vulnerability in the createFileBypath function that allows authenticated attackers to read, write, or delete arbitrary files on the server. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Path Traversal Doracms
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Path traversal in Tsinghua Unigroup Electronic Archives System 3.2.210802 allows unauthenticated remote attackers to read arbitrary files via a crafted path parameter in the /System/Cms/downLoad endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or response to remediation efforts.

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SourceCodester Modern Image Gallery App 1.0 contains a path traversal vulnerability in the /delete.php file that allows unauthenticated remote attackers to manipulate the filename parameter and access or delete arbitrary files. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability can lead to information disclosure or file deletion on affected systems.

PHP Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. [CVSS 3.7 LOW]

Node.js Path Traversal
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Arbitrary file overwrite in node-tar before 7.5.10 lets a malicious tar archive write files outside the intended extraction directory on Windows by embedding a hardlink whose target uses a drive-relative path such as 'C:../target.txt'. The flaw triggers during ordinary tar.x() extraction, so any Node.js application that unpacks untrusted archives on Windows is exposed. Publicly available exploit code exists via the GitHub Security Advisory, though EPSS exploitation probability is very low (0.02%) and it is not listed in CISA KEV.

Node.js Tar Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Unsanitized attachment filenames in eml_parser prior to version 2.0.1 enable path traversal attacks, allowing attackers to write files outside the intended output directory when the example extraction script processes malicious emails. Organizations using the vulnerable example code or similar attachment handling logic are at risk of unauthorized file writes that could overwrite critical files or introduce malicious content. Public exploit code exists for this vulnerability, and a patch is available in version 2.0.1 and later.

Python Path Traversal Eml Parser
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM This Month

Karapace versions before 6.0.0 contain a path traversal vulnerability in the backup restoration functionality that allows attackers to read arbitrary files from the system by crafting malicious backup files. Organizations using Karapace's backup/restore feature with untrusted backup sources are at risk, with the actual impact limited by the file permissions of the Karapace process. No patch is currently available, requiring users to restrict backup sources or disable the backup functionality until version 6.0.0 is released.

Path Traversal Karapace
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended SCM provider API e...

Path Traversal Backstage Integration
NVD GitHub
EPSS 1% CVSS 7.2
HIGH PATCH This Week

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. [CVSS 7.2 HIGH]

WordPress PHP RCE +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Path traversal in Wallos subscription tracker versions prior to 4.6.2 allows unauthenticated remote attackers to read arbitrary files from the hosting system via a malicious url parameter. Public exploit code exists for this vulnerability, which has a high severity CVSS score of 7.5. The vulnerability is patched in version 4.6.2 and later.

Path Traversal Wallos
NVD GitHub
EPSS 0% CVSS 2.5
LOW PATCH Monitor

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. [CVSS 2.5 LOW]

Path Traversal Go
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Path traversal in dbt-common's tarball extraction function allows attackers to write files outside the intended destination directory by exploiting improper path validation in the safe_extract() method. An attacker can craft a malicious tarball to place files in sibling directories, potentially compromising systems using affected versions of dbt-common in dbt-core and adapter implementations. No patch is currently available for this vulnerability.

Path Traversal Dbt Common
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Zarf is an Airgap Native Packager Manager for Kubernetes. [CVSS 8.2 HIGH]

Kubernetes Path Traversal Zarf +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Navtor NavBox exposes an unauthenticated path traversal vulnerability in its HTTP service that allows remote attackers to read arbitrary files from the server by submitting requests with absolute filesystem paths. Successful exploitation enables unauthorized disclosure of sensitive configuration files and system information, limited only by the service process privileges. No patch is currently available.

Path Traversal Navbox Firmware
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. [CVSS 8.2 HIGH]

PHP SQLi Path Traversal
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. [CVSS 6.2 MEDIUM]

PHP Path Traversal
NVD Exploit-DB
EPSS 1% CVSS 8.7
HIGH POC This Week

Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. [CVSS 7.5 HIGH]

Path Traversal
NVD Exploit-DB
EPSS 0% CVSS 8.7
HIGH POC This Week

EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. [CVSS 7.5 HIGH]

Path Traversal Information Disclosure
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated file read/write via AppEngine Fileaccess over HTTP.

Path Traversal Information Disclosure
NVD
EPSS 0% CVSS 9.4
CRITICAL Act Now

Filesystem access via CROWN REST interface on industrial device. EPSS 0.25%.

Path Traversal Information Disclosure
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's get_log_file endpoint "(/api/w/{workspace}/jobs_u/get_log_file/{filename})".

Path Traversal Windmill
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Zip Slip in changedetection.io before 0.54.4 via backup restore. PoC and patch available.

Path Traversal Changedetection
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

Natro Macro versions prior to 1.1.0 allow any user with message permissions in a Discord channel where Remote Control is enabled to execute arbitrary commands on affected systems, including keyboard and mouse control and unrestricted file access. The vulnerability stems from improper access controls on the remote control feature when configured in non-private channels. No patch is currently available for affected versions.

Path Traversal Natro Macro
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Path traversal in OpenChatBI before fix. PoC and patch available.

Path Traversal AI / ML Openchatbi
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. [CVSS 8.6 HIGH]

Path Traversal Homegallery
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

OpenShift versions prior to 1.6.3-alpha contain a path traversal vulnerability in multiple storage helpers that fail to properly validate directory boundaries, allowing authenticated attackers to read, write, or delete arbitrary files on the system. An attacker with valid credentials can exploit insufficient path sanitization to escape the intended base directory and access sensitive data or modify system files. No patch is currently available for affected versions.

Path Traversal Opensift
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Unauthenticated attackers can achieve remote code execution in Idno social publishing platform versions before 1.6.4 by exploiting a chain of import file write and template path traversal vulnerabilities. An attacker with high privileges can leverage command injection to execute arbitrary code on affected systems. A patch is available in version 1.6.4 and should be applied immediately as this vulnerability carries a 7.2 CVSS score.

RCE Path Traversal Command Injection +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote unauthenticated attackers can read arbitrary files from Talishar (Flesh and Blood fan-made game) servers via path traversal in the ParseGamestate.php script's gameName parameter. The vulnerability affects all versions prior to commit 6be3871 and allows direct access to sensitive server files without authentication (CVSS 7.5, AV:N/PR:N). While EPSS exploitation probability is relatively low (0.47%, 64th percentile), the unauthenticated remote attack vector and confirmed patch availability make this a priority for exposed deployments. No active exploitation or public POC identified at time of analysis.

PHP Path Traversal
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

OpenClaw versions 2026.1.16 through 2026.2.13 allow local attackers to write arbitrary files outside intended directories by supplying malicious archives to the skills, hooks, plugins, or signal installation commands. Successful exploitation enables attackers to achieve code execution or establish persistence on affected systems. A patch is available for affected users.

Path Traversal Openclaw
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

OpenClaw versions before 2026.2.12 suffer from a path traversal vulnerability in transcript file handling that allows authenticated local users to read and modify arbitrary files on the system by injecting directory traversal sequences into sessionId or sessionFile parameters. An attacker with local access can exploit this to access sensitive files outside the intended agent sessions directory without additional privileges. No patch is currently available for this vulnerability.

Path Traversal Openclaw
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenClaw versions before 2026.2.13 suffer from a path traversal vulnerability in the browser control API that allows authenticated attackers to write arbitrary files outside designated temporary directories via the trace and download endpoints. An attacker with API access can exploit this to place malicious files in unintended locations on the system. A patch is available to address this high-severity flaw.

Path Traversal Openclaw
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

OpenClaw versions before 2026.2.14 allow local attackers to write arbitrary files outside the sandbox directory through path traversal sequences in crafted skill package names when sandbox skill mirroring is enabled. An attacker can exploit this by providing a malicious skill package with traversal patterns like ../ or absolute paths in the frontmatter name parameter, potentially compromising system integrity. A patch is available to remediate this vulnerability.

Path Traversal Openclaw
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenClaw before version 2026.2.14 fails to properly validate file paths when extracting TAR archives, enabling attackers to use path traversal sequences to write files outside the intended extraction directory. An unauthenticated remote attacker can exploit this to overwrite configuration files or inject malicious code into the system. A patch is available for affected versions.

Path Traversal Openclaw
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

OpenClaw 2026.1.29-beta.1 through 2026.2.0 is vulnerable to path traversal during plugin installation, enabling attackers to write arbitrary files outside the intended extensions directory by crafting malicious package names with traversal sequences. An unauthenticated attacker can exploit this when users execute the plugin install command, potentially achieving arbitrary file write capabilities on the affected system. A patch is available in version 2026.2.1.

Path Traversal Openclaw
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Arbitrary JavaScript execution in OpenClaw versions prior to 2026.2.14 results from improper path validation in the hook transform module loader, allowing attackers with configuration write access to load malicious modules with gateway process privileges. The vulnerability affects the hooks.mappings[].transform.module parameter, which fails to restrict absolute paths and directory traversal sequences. A patch is available.

Path Traversal Openclaw
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. [CVSS 5.8 MEDIUM]

Path Traversal
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Arbitrary file read in OpenMQ via configuration parsing. Can lead to full exploitation.

Path Traversal Open Message Queue
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Path traversal in D-Link DIR-513 verification code processing. PoC available.

D-Link Path Traversal Dir 513 Firmware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs. [CVSS 7.5 HIGH]

Path Traversal Ragas
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Path Traversal Harmonyos
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Remote code execution in SeppMail secure email gateway versions 15.0.2.1 and earlier allows unauthenticated attackers to write arbitrary files via path traversal in the Large File Transfer (LFT) feature of the User Web Interface, leading to full system compromise. The flaw carries a maximum CVSS 4.0 score of 10.0 reflecting network-reachable, no-privilege exploitation with scope-changing impact, and was disclosed by InfoGuard Labs alongside CVE-2026-7864, CVE-2026-44127, and CVE-2026-44128. No public exploit identified at time of analysis and EPSS sits at 0.52% (67th percentile), so widespread automated abuse has not yet materialized despite the critical severity.

RCE Path Traversal Seppmail
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Stylemix uListing versions 2.2.0 and earlier contain a path traversal vulnerability that allows authenticated users with high privileges to access files outside the intended directory structure and read sensitive information. The vulnerability requires valid credentials and does not enable file modification or system disruption, limiting its impact to unauthorized information disclosure.

Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Path traversal in wpWax FormGent plugin versions up to 1.4.2 enables unauthenticated remote attackers to access files outside intended directories. The vulnerability requires no user interaction and can be exploited over the network to cause denial of service or potentially disclose sensitive information. No patch is currently available for this high-severity issue.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus is affected by path traversal (CVSS 7.5).

Path Traversal
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

OpenDeck is Linux software for your Elgato Stream Deck. versions up to 2.8.1 is affected by path traversal.

Path Traversal Opendeck
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Path traversal in NLTK (Natural Language Toolkit) versions ≤3.9.2 allows remote unauthenticated attackers to read arbitrary files from the server hosting NLP applications. Multiple CorpusReader classes (WordListCorpusReader, TaggedCorpusReader, BracketParseCorpusReader) fail to sanitize file paths, enabling directory traversal to access sensitive files including SSH keys, API tokens, and system configurations. This poses critical risk in machine learning APIs, chatbots, and NLP pipelines that process user-controlled file inputs. EPSS score of 0.25% (48th percentile) suggests low widespread exploitation probability despite public disclosure via huntr.com bounty, though the unauthenticated network vector (AV:N/PR:N) and zero attack complexity make this readily exploitable once targets are identified.

RCE Path Traversal Authentication Bypass +1
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM This Month

Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt!

Information Disclosure Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper filename validation in SEPPmail Secure Email Gateway's GINA web interface (versions before 15.0.1) enables unauthenticated remote attackers to access arbitrary files on the gateway through specially crafted encrypted email attachments. This path traversal vulnerability affects the confidentiality of sensitive data stored on affected systems. No patch is currently available.

Path Traversal Seppmail
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Authenticated users can exploit a path traversal vulnerability in the SFX2100 firmware's logging interface to enumerate arbitrary files on the system through directory traversal in the file parameter. Public exploit code exists for this medium-severity flaw, and no patch is currently available, leaving affected organizations reliant on access controls to mitigate risk. The vulnerability allows attackers with valid credentials to confirm file existence through backup operation responses, potentially exposing sensitive system information.

Path Traversal Sfx2100 Firmware
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Optimizer versions up to 6.3.1 is affected by improper link resolution before file access (CVSS 7.3).

Path Traversal Dell Optimizer
NVD
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

Zip slip to arbitrary file write in Zdir Pro 4.x ZIP extraction API. PoC available.

RCE Path Traversal Zdir
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC This Week

An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request. [CVSS 7.1 HIGH]

Path Traversal Wise Force Deleter
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

OpenViking 0.2.1 and earlier contain a path traversal vulnerability in .ovpack file imports that enables local attackers to write arbitrary files outside the intended directory by crafting malicious ZIP archives with traversal sequences or absolute paths. An attacker with user interaction can overwrite or create files with the privileges of the importing process, potentially leading to code execution or system compromise. No patch is currently available for this vulnerability.

Path Traversal Openviking
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Page Builder by SiteOrigin (WordPress plugin) versions up to 2.33.5 is affected by path traversal (CVSS 8.8).

WordPress PHP Path Traversal +2
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Path Traversal Android +1
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Android MmsProvider has a vulnerability allowing arbitrary file deletion through improper handling of MMS data, potentially causing data loss on mobile devices.

Denial Of Service Path Traversal Android +1
NVD
EPSS 0% CVSS 8.0
HIGH This Week

TP-Link Deco BE25 firmware versions 1.0 through 1.1.1 (Build 20250822) contain a path traversal vulnerability that allows authenticated adjacent network attackers to read arbitrary files or trigger denial of service without user interaction. The vulnerability affects the web module component and requires local network access with valid credentials to exploit. No patch is currently available for this high-severity flaw (CVSS 8.0).

TP-Link Denial Of Service Path Traversal +1
NVD
EPSS 0% CVSS 1.3
LOW Monitor

A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the component Connection Handler. [CVSS 3.1 LOW]

Path Traversal Jeesite
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Gradio versions up to 6.7 contains a vulnerability that allows attackers to read arbitrary files from the file system (CVSS 7.5).

Windows Python Path Traversal +2
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Path traversal in Kaniko 1.25.4 through 1.25.9 allows attackers to extract tar archives outside the intended destination directory, enabling arbitrary file writes on the build system. When combined with Docker credential helpers in registry authentication scenarios, this vulnerability can be leveraged for code execution within the Kaniko executor process. Docker and Kubernetes environments using the affected Kaniko versions are at risk.

Docker Kubernetes Kaniko +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

OpenEMR versions up to 8.0.0 contain a path traversal vulnerability in the fax sending functionality that allows authenticated users to exfiltrate arbitrary files from the server, including database credentials, patient records, and source code. The fax endpoint fails to validate or restrict file paths, enabling attackers to read and transmit sensitive data to attacker-controlled phone numbers. Public exploit code exists for this vulnerability, and a patch is available.

Path Traversal Openemr
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL Act Now

Path traversal in Centreon Open Tickets module allows authenticated attackers to read or write files outside intended directories. CVSS 9.9 with scope change indicates impact beyond the vulnerable component.

Path Traversal Open Tickets
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.

Google Privilege Escalation Path Traversal
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Path traversal vulnerability in Xerox FreeFlow Core allows attackers to access files outside restricted directories, potentially exposing sensitive print job data and system configurations.

Path Traversal Freeflow Core
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in Sanluan PublicCMS 6.202506.d's Template Cache Generation component allows authenticated remote attackers to manipulate the saveMetadata function and access arbitrary files on the system. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor who has not responded to disclosure attempts.

Java Path Traversal
NVD VulDB
EPSS 0% CVSS 3.7
LOW Monitor

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack. [CVSS 3.7 LOW]

Path Traversal Information Disclosure Xweb 300d Pro Firmware +2
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Junrar versions prior to 7.5.8 contain a path traversal vulnerability in LocalFolderExtractor that allows attackers to write arbitrary files to the filesystem when processing malicious RAR archives on Linux/Unix systems. Public exploit code exists for this vulnerability, which can facilitate remote code execution through file overwrite attacks such as modifying shell profiles or cron jobs. Users should upgrade to version 7.5.8 or later to remediate this issue.

Linux Java RCE +3
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

Path traversal in hexpm's Local Storage backend allows unauthenticated attackers to read sensitive files through relative path manipulation in the file storage routines. Only self-hosted hexpm deployments using Local Storage are affected; the managed hex.pm service is not vulnerable. An attacker can access arbitrary files accessible to the hexpm process without authentication or user interaction.

Path Traversal Hexpm
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Directory traversal in ZenTaoPMS v18.11 through v21.6.beta allows arbitrary code execution through /module/ai/control.php. EPSS 0.76%.

PHP Path Traversal AI / ML
NVD GitHub
EPSS 0% CVSS 2.3
LOW Monitor

Authenticated attackers can read arbitrary files from a VLC for Android device running versions before 3.7.0 by exploiting a path traversal flaw in the Remote Access Server's download endpoint. The vulnerability allows directory traversal through an unsanitized file parameter, though impact is limited to files accessible within the Android app's sandbox and storage permissions. No patch is currently available for this medium-severity vulnerability.

Path Traversal Google
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in WordPress Worry Proof Backup plugin through path traversal in the backup upload feature allows authenticated users with Subscriber privileges or higher to write arbitrary files, including PHP executables, to the server by uploading specially crafted ZIP archives. The vulnerability affects all versions up to 0.2.4 and currently has no available patch, enabling attackers to achieve full server compromise.

WordPress PHP RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Path traversal in Vitess backup manifest handling allows authenticated attackers with access to backup storage to write arbitrary files to any location during restore operations, potentially achieving remote code execution on production MySQL deployments. An attacker can manipulate backup manifests to extract files outside intended directories, gaining unauthorized access to sensitive data and the ability to execute arbitrary commands in the production environment. Patches are available for versions 23.0.3 and 22.0.4.

MySQL Path Traversal Vitess +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Unauthenticated attackers can exploit a path traversal vulnerability in WP Responsive Images plugin for WordPress (all versions up to 1.0) through the 'src' parameter to read arbitrary files from the server. This allows unauthorized access to sensitive information stored on affected WordPress installations. No patch is currently available.

WordPress Path Traversal
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

NetExec's spider_plus module prior to version 1.5.1 fails to sanitize path traversal characters in SMB share filenames, allowing remote attackers to write or overwrite arbitrary files on Linux systems when the DOWNLOAD feature is enabled. The vulnerability requires user interaction to trigger the malicious SMB share crawl and currently has no available patch. Organizations using NetExec should disable the DOWNLOAD=true option as a temporary mitigation.

Linux Path Traversal
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC This Week

Zed code editor versions before 0.225.9 fail to properly validate symbolic links in Agent file tools, allowing attackers to read and write arbitrary files outside the project directory and bypass workspace boundary protections. This vulnerability can expose sensitive user data to language models and leak private files despite configured exclusions. Public exploit code exists and no patch is currently available.

Path Traversal AI / ML Zed
NVD GitHub
Prev Page 16 of 86 Next

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
7729

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy