Skip to main content

Path Traversal

web HIGH

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation.

How It Works

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation. Attackers inject special sequences like ../ (dot-dot-slash) to escape the intended directory and navigate to arbitrary locations in the file system. Each ../ sequence moves up one directory level, allowing an attacker to break out of a restricted folder and access sensitive files elsewhere on the server.

Attackers employ various encoding techniques to bypass basic filters. Simple URL encoding transforms ../ into %2e%2e%2f, while double encoding becomes %252e%252e%252f (encoding the percent sign itself). Other evasion methods include nested sequences like ....// (which become ../ after filter removal), null byte injection (%00 to truncate path validation), and OS-specific path separators (backslashes on Windows). Absolute paths like /etc/passwd may also work if the application doesn't enforce relative path constraints.

The typical attack flow begins with identifying input parameters that reference files—such as file=, path=, template=, or page=. The attacker then tests various traversal payloads to determine if path validation exists and what depth is needed to reach system files. Success means reading configuration files, credentials, source code, or even writing malicious files if the application allows file uploads or modifications.

Impact

  • Credential exposure: Access to configuration files containing database passwords, API keys, and authentication tokens
  • Source code disclosure: Reading application code reveals business logic, additional vulnerabilities, and hardcoded secrets
  • System file access: Retrieving /etc/passwd, /etc/shadow, or Windows SAM files for credential cracking
  • Configuration tampering: If write access exists, attackers modify settings or inject malicious code
  • Remote code execution: Writing web shells or executable files to web-accessible directories enables full system compromise

Real-World Examples

ZendTo file sharing application (CVE-2025-34508) contained a path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. The flaw existed in file retrieval functionality where user input directly influenced file path construction without adequate validation, exposing sensitive configuration data and potentially system files.

Web application frameworks frequently suffer from path traversal in template rendering engines. When applications allow users to specify template names or include files, insufficient validation permits attackers to read source code from other application modules or framework configuration files, revealing database credentials and session secrets.

File download features in content management systems represent another common vector. Applications that serve user-requested files from disk often fail to restrict paths properly, enabling attackers to download backup files, logs containing sensitive data, or administrative scripts that weren't intended for public access.

Mitigation

  • Avoid user input in file paths: Use indirect references like database IDs mapped to filenames on the server side
  • Canonicalize and validate: Convert paths to absolute canonical form, then verify they remain within the allowed base directory
  • Allowlist permitted files: Maintain an explicit list of accessible files rather than trying to blocklist malicious patterns
  • Chroot jails or sandboxing: Restrict application file system access to specific directories at the OS level
  • Strip dangerous sequences: Remove ../, ..\\, and encoded variants, though this alone is insufficient

Recent CVEs (7729)

EPSS 0% CVSS 7.5
HIGH This Week

Path traversal vulnerability in Apptha Slider Gallery versions up to 2.5 that allows unauthenticated remote attackers to read arbitrary files from the affected server by manipulating pathname parameters. The vulnerability has a CVSS score of 7.5 (High) with network-based attack vector requiring no privileges or user interaction, enabling confidentiality compromise of sensitive server files. Current KEV and EPSS status information is not provided in available sources, but the ease of exploitation (AC:L) and absence of authentication requirements significantly elevate real-world risk.

Path Traversal
NVD
EPSS 0% CVSS 2.1
LOW Monitor

A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Path Traversal
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Directory traversal vulnerability in Allegra's extractFileFromZip method that allows authenticated attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient path validation, enabling remote code execution in the context of the running process. With a CVSS score of 8.8 and requiring only low-privilege authentication, this represents a significant risk to Allegra deployments, though exploitation requires prior authenticated access.

RCE Path Traversal Allegra
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Path Traversal File Station
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

Information Disclosure Path Traversal Samba
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in POEditor that enables path traversal attacks, affecting versions 0.9.10 and earlier. An attacker can exploit this via a crafted request to perform unauthorized actions on behalf of an authenticated user, potentially leading to high availability impact. While the CVSS score of 7.4 indicates a significant threat, the requirement for user interaction (UI:R) and network-based attack vector limits real-world exploitability; current KEV and EPSS data are needed to determine if active exploitation is occurring.

CSRF Path Traversal
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in the wphobby Backwp WordPress plugin (versions through 2.0.2) that enables path traversal attacks. An unauthenticated remote attacker can exploit this via a crafted web request to perform unauthorized actions and potentially access sensitive files outside intended directories. While the CVSS score of 7.4 indicates high severity with availability impact, the vulnerability requires user interaction (UI:R) and affects availability rather than confidentiality or integrity, suggesting moderate real-world exploitability.

CSRF Path Traversal
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Critical path traversal vulnerability (CWE-23) that allows unauthenticated remote attackers to read, write, or delete arbitrary files on affected servers with a CVSS score of 9.8. The vulnerability requires no user interaction, has low attack complexity, and grants complete confidentiality, integrity, and availability impact. Without access to KEV status, EPSS scores, POC details, or specific CPE identifiers from the provided data, this appears to be a severe vulnerability affecting multiple server-side products; confirmation of active exploitation status and patch availability requires cross-referencing official vendor security advisories.

Path Traversal Information Disclosure
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

PHP Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files

Path Traversal Joomla
NVD
EPSS 2% CVSS 8.1
HIGH This Week

WP User Frontend Pro plugin versions up to 4.1.3 contain an arbitrary file deletion vulnerability in the delete_avatar_ajax() function that allows authenticated Subscriber-level users to delete critical files on WordPress servers without proper path validation. Successful exploitation can lead to remote code execution by deleting sensitive files such as wp-config.php, and the vulnerability is actively exploitable with no user interaction required. This represents a critical post-authentication privilege escalation affecting a widely-used WordPress plugin.

WordPress PHP RCE +1
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,

Path Traversal Ubuntu Debian +1
NVD
EPSS 0% CVSS 3.4
LOW Monitor

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.

RCE Path Traversal Cisco
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.

Microsoft Path Traversal Cisco +2
NVD
EPSS 0% CVSS 9.2
CRITICAL Act Now

Path traversal in Airleader MASTER enables reading embedded sensitive data.

Information Disclosure Path Traversal
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Java Path Traversal Oa System
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/java/cn/gson/oasys/controller/user/UserpanelController.java. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Java Path Traversal Oa System
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Path Traversal Shiyi Blog
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

Critical authentication bypass vulnerability in Netgear WNR614 version 1.1.0.28_1.0.1WW that allows unauthenticated remote attackers to access sensitive configuration files through null-byte injection in the URL handler. The vulnerability affects the %00currentsetting.htm endpoint, enabling attackers to retrieve or modify device settings without credentials. This 0day has been publicly disclosed with proof-of-concept code available, and CVSS 7.3 reflects moderate confidentiality, integrity, and availability impact across network-accessible administration functions.

Authentication Bypass Netgear Path Traversal +1
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Path traversal in Python tarfile extraction with filter='data'.

Python Path Traversal RCE +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Logic flaw in Python's TarFile module where the documented behavior of errorlevel=0 (skip filtered members) contradicts the actual implementation (extract filtered members anyway). This affects any application using Python's tarfile library with extraction filters, allowing attackers to extract files that should be blocked, potentially leading to path traversal or extraction of malicious content. The vulnerability has a high CVSS score (7.5) with network-accessible attack vector and no authentication required, though exploitation requires the application to implement extraction filters expecting them to be respected.

Python Path Traversal Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Path traversal vulnerability in Python's tarfile module extraction filters that allows attackers to bypass the 'data' and 'tar' filter protections, enabling symlink targets to point outside the extraction directory and permitting modification of file metadata. This affects any application using TarFile.extractall() or TarFile.extract() with filter='data' or filter='tar' on untrusted tar archives, as well as Python 3.14+ users relying on the new 'data' default filter. The vulnerability has a CVSS score of 7.5 (High) with high integrity impact, though exploitation requires an attacker to control the tar archive contents.

Python Path Traversal Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2025-4138 is a security vulnerability (CVSS 7.5) that allows the extraction filter. High severity vulnerability requiring prompt remediation.

Python Path Traversal Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

Python RCE Path Traversal +4
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Directory traversal vulnerability in Parallels Desktop for Mac version 20.2.2 (build 55879) affecting the PVMP package unpacking functionality. An authenticated local attacker with limited privileges can exploit this flaw to write arbitrary files to the system, potentially achieving privilege escalation with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user interaction is not needed, making it a significant risk for multi-user or shared Mac environments.

Privilege Escalation Path Traversal Parallels Desktop
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.

Path Traversal
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Directory Traversal vulnerability (CWE-22) in WebLaudos version 24.2 (04) that allows unauthenticated remote attackers to read arbitrary files and obtain sensitive information through improper validation of the 'id' parameter. With a CVSS score of 7.5 and network-based attack vector requiring no privileges or user interaction, this vulnerability poses a significant confidentiality risk to exposed WebLaudos instances. The vulnerability's active exploitation status and proof-of-concept availability should be verified through current KEV databases and security advisories.

Path Traversal Information Disclosure Weblaudos
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Directory Traversal in HPE StoreOnce backup storage software. One of 6 critical CVEs.

Information Disclosure Path Traversal Storeonce System
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.

Path Traversal Storeonce System
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

AstrBot versions 3.4.4 through 3.5.12 contain a path traversal vulnerability (CWE-23) in the dashboard feature that allows unauthenticated remote attackers to disclose sensitive information including LLM provider API keys, account passwords, and other confidential data. The vulnerability has a CVSS score of 7.5 (High) with high confidentiality impact and no authentication requirements. Patch is available in version 3.5.13 and later via Pull Request #1676.

Information Disclosure Path Traversal Astrbot
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

File modification via 2-args open in YAML-LibYAML before 0.903.0 for Perl. PoC and patch available.

Information Disclosure Path Traversal Yaml Libyaml +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

IBM Path Traversal Planning Analytics Local
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in JeeWMS up to 20250504. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jeewms
NVD VulDB
EPSS 1% CVSS 5.1
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Yifang
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal File Upload
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Month

The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Information Disclosure PHP RCE +3
NVD
EPSS 0% CVSS 4.1
MEDIUM Monitor

The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
EPSS 0% CVSS 2.9
LOW PATCH Monitor

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Rated low severity (CVSS 2.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Traefik
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in chshcms mccms 2.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Mccms
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Sterling Secure Proxy
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
EPSS 0% CVSS 7.1
HIGH POC This Month

An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Siteserver Cms
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

auth-js is an isomorphic Javascript library for Supabase Auth. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM This Month

In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Pmb
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability classified as problematic was found in H3C SecCenter SMP-E1114P02 up to 20250513. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Seccenter Smp 1114P02
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Seccenter Smp 1114P02
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Seccenter Smp 1114P02
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Seccenter Smp 1114P02
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Seccenter Smp 1114P02
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal.19.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo allows Path Traversal.12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation allows Path Traversal.2.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Laforge Infocob CRM Forms allows Path Traversal.4.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan allows Path Traversal.21.14. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Path Traversal.4.3. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LikeCoin Web3Press allows Path Traversal.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway allows Path Traversal.1.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in quantumcloud KBx Pro Ultimate allows Path Traversal.0.5. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 8.4
HIGH This Month

Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal Hot Random Image +1
NVD
EPSS 6% CVSS 7.6
HIGH POC PATCH This Week

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect XSS SSRF +2
NVD Exploit-DB VulDB
EPSS 10% CVSS 7.5
HIGH This Month

Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Hue
NVD
EPSS 2% CVSS 8.8
HIGH This Month

Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Allegra
NVD
EPSS 7% CVSS 7.7
HIGH POC This Week

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Java
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The Madara - Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE +2
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.0
CRITICAL This Week

Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal
NVD
EPSS 2% CVSS 8.2
HIGH This Month

VMware Cloud Foundation contains a directory traversal vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal VMware
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.10.10C and. Rated medium severity (CVSS 5.9). No vendor patch available.

Microsoft Path Traversal Windows
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal.3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows PHP Local File Inclusion.5.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Path Traversal
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Path traversal vulnerability exists in a-blog cms versions prior to Ver. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal A Blog Cms
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Student Result Management System
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in SourceCodester Student Result Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Student Result Management System
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Java
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Java
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH POC PATCH This Month

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python RCE Path Traversal +4
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal.2 through revision. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal.2 through revision. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal
NVD
EPSS 2% CVSS 8.7
HIGH This Month

PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH This Month

A Path traversal vulnerability in the file download functionality was identified. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in SourceCodester Student Result Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Student Result Management System
NVD GitHub VulDB
EPSS 1% CVSS 9.4
CRITICAL This Week

Atheos is a self-hosted browser-based cloud IDE. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Week

The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP +2
NVD WPScan
EPSS 4% CVSS 9.8
CRITICAL Act Now

The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP RCE +1
NVD
EPSS 1% CVSS 7.2
HIGH This Month

The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure RCE +1
NVD
Prev Page 27 of 86 Next

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
7729

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy