Skip to main content

Path Traversal

web HIGH

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation.

How It Works

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation. Attackers inject special sequences like ../ (dot-dot-slash) to escape the intended directory and navigate to arbitrary locations in the file system. Each ../ sequence moves up one directory level, allowing an attacker to break out of a restricted folder and access sensitive files elsewhere on the server.

Attackers employ various encoding techniques to bypass basic filters. Simple URL encoding transforms ../ into %2e%2e%2f, while double encoding becomes %252e%252e%252f (encoding the percent sign itself). Other evasion methods include nested sequences like ....// (which become ../ after filter removal), null byte injection (%00 to truncate path validation), and OS-specific path separators (backslashes on Windows). Absolute paths like /etc/passwd may also work if the application doesn't enforce relative path constraints.

The typical attack flow begins with identifying input parameters that reference files—such as file=, path=, template=, or page=. The attacker then tests various traversal payloads to determine if path validation exists and what depth is needed to reach system files. Success means reading configuration files, credentials, source code, or even writing malicious files if the application allows file uploads or modifications.

Impact

  • Credential exposure: Access to configuration files containing database passwords, API keys, and authentication tokens
  • Source code disclosure: Reading application code reveals business logic, additional vulnerabilities, and hardcoded secrets
  • System file access: Retrieving /etc/passwd, /etc/shadow, or Windows SAM files for credential cracking
  • Configuration tampering: If write access exists, attackers modify settings or inject malicious code
  • Remote code execution: Writing web shells or executable files to web-accessible directories enables full system compromise

Real-World Examples

ZendTo file sharing application (CVE-2025-34508) contained a path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. The flaw existed in file retrieval functionality where user input directly influenced file path construction without adequate validation, exposing sensitive configuration data and potentially system files.

Web application frameworks frequently suffer from path traversal in template rendering engines. When applications allow users to specify template names or include files, insufficient validation permits attackers to read source code from other application modules or framework configuration files, revealing database credentials and session secrets.

File download features in content management systems represent another common vector. Applications that serve user-requested files from disk often fail to restrict paths properly, enabling attackers to download backup files, logs containing sensitive data, or administrative scripts that weren't intended for public access.

Mitigation

  • Avoid user input in file paths: Use indirect references like database IDs mapped to filenames on the server side
  • Canonicalize and validate: Convert paths to absolute canonical form, then verify they remain within the allowed base directory
  • Allowlist permitted files: Maintain an explicit list of accessible files rather than trying to blocklist malicious patterns
  • Chroot jails or sandboxing: Restrict application file system access to specific directories at the OS level
  • Strip dangerous sequences: Remove ../, ..\\, and encoded variants, though this alone is insufficient

Recent CVEs (7731)

EPSS 1% CVSS 7.5
HIGH PATCH This Week

Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Commons Vfs +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal Import Export Wordpress Users +1
NVD
EPSS 0% CVSS 3.0
LOW POC Monitor

A directory traversal issue was discovered in OpenSlides before 4.2.5. Rated low severity (CVSS 3.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Openslides
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Order Export Order Import For Woocommerce
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A Path Traversal vulnerability exists in the `/wipe_database` endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal File Upload +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An unauthenticated directory traversal vulnerability exists in Polyaxon, affecting the latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Lollms Web Ui
NVD GitHub
EPSS 27% CVSS 7.5
HIGH POC PATCH THREAT Act Now

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.9%.

Path Traversal Mlflow AI / ML
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Aim
NVD
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Lollms Web Ui
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Agentscope
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Agentscope
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Agentscope
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Agentscope
NVD
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Privilege Escalation Anythingllm
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker RCE Path Traversal +1
NVD
EPSS 1% CVSS 9.1
CRITICAL POC PATCH Act Now

A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Onnx Suse
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Open Webui
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Aim
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

A path traversal vulnerability exists in the latest version of stangirard/quivr. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Quivr
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Aim
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Qanything
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Path Traversal +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the gradio-app/gradio repository, version git 67e4044, allows for path traversal on Windows OS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Windows
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Llava
NVD
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Librechat
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A path traversal vulnerability exists in binary-husky/gpt_academic at commit 679352d, which allows an attacker to bypass the blocked_paths protection and read the config.py file containing sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Gpt Academic +1
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gpt Academic
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A vulnerability in the upload function of binary-husky/gpt_academic allows any user to read arbitrary files on the system, including sensitive files such as `config.py`. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Gpt Academic
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Path Traversal +2
NVD
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Db Gpt
NVD
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Db Gpt
NVD
EPSS 0% CVSS 8.2
HIGH POC This Week

A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint `/v1/resource/file/delete`. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Db Gpt
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Chuanhuchatgpt
NVD
EPSS 0% CVSS 8.2
HIGH POC This Week

A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Gradio
NVD
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Authentication Bypass Path Traversal +2
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Librechat
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM POC This Month

A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Path Traversal +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE +3
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Applio
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Applio
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal Applio
NVD GitHub
EPSS 2% CVSS 7.7
HIGH This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Deserialization +1
NVD GitHub
EPSS 4% CVSS 7.7
HIGH POC This Week

Applio is a voice conversion tool. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Deserialization +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Red Hat Suse
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Denial Of Service +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Flexlogger
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Path Traversal vulnerability in Softdial Contact Center of Sytel Ltd. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Softdial Contact Center
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Path Traversal +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A lack of validation in the path parameter (/download) of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

`zip` is a zip library for rust which supports reading and writing of simple ZIP files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Path Traversal
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java Vblog
NVD VulDB
EPSS 1% CVSS 4.6
MEDIUM POC This Month

The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Authentication Bypass +2
NVD WPScan
EPSS 0% CVSS 6.3
MEDIUM This Month

Path Traversal vulnerability in NotFound Pie Register Premium.8.3.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The WP Ghost (Hide My WP Ghost) - Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Path Traversal Hide My Wp Ghost +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 72% 5.1 CVSS 7.5
HIGH POC THREAT Act Now

Sante PACS Server contains an unauthenticated path traversal vulnerability that allows remote attackers to download arbitrary files from the server's installation drive. Medical imaging servers typically contain DICOM files with protected health information (PHI), making this a significant healthcare data breach vector.

Information Disclosure Path Traversal Sante Pacs Server
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Denial Of Service +2
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability classified as critical was found in Doufox up to 0.2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub VulDB
EPSS 0%
Monitor

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of the application are impacted, as this is exploitable by any user to reveal all files in the opal file...

Path Traversal
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering. [CVSS 7.1 HIGH]

Path Traversal
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. [CVSS 8.8 HIGH]

Path Traversal
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests. [CVSS 5.5 MEDIUM]

Fortinet Path Traversal
NVD
EPSS 0%
Monitor

The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.

Path Traversal Information Disclosure
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. [CVSS 5.4 MEDIUM]

Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 3.8
LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. [CVSS 3.8 LOW]

Path Traversal Siemens
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. [CVSS 7.2 HIGH]

Path Traversal Siemens
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the scope of files accessible to the simulation model. [CVSS 6.2 MEDIUM]

Path Traversal Information Disclosure
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality. [CVSS 6.8 MEDIUM]

Path Traversal Information Disclosure
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Rack provides an interface for developing web applications in Ruby. versions up to 2.2.13 contains a security vulnerability (CVSS 7.5).

Path Traversal Red Hat Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal File Station
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker RCE Path Traversal
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal
NVD
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Chestnutcms
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 4% CVSS 6.5
MEDIUM This Month

The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE +1
NVD
EPSS 2% CVSS 8.6
HIGH This Week

Path traversal may allow remote code execution using privileged account (requires device admin account, cannot be performed by a regular user). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Path traversal may lead to arbitrary file deletion. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Path traversal may lead to arbitrary file download. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Path Traversal
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Path Traversal +3
NVD
EPSS 94% 7.5 CVSS 8.6
HIGH POC KEV THREAT Act Now

NAKIVO Backup & Replication contains an absolute path traversal allowing unauthenticated remote attackers to read arbitrary files, including configuration files with cleartext credentials for physical discovery operations.

RCE Path Traversal Backup Replication Director
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arcgis Server
NVD
Prev Page 30 of 86 Next

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
7731

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy