Skip to main content

Path Traversal

web HIGH

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation.

How It Works

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation. Attackers inject special sequences like ../ (dot-dot-slash) to escape the intended directory and navigate to arbitrary locations in the file system. Each ../ sequence moves up one directory level, allowing an attacker to break out of a restricted folder and access sensitive files elsewhere on the server.

Attackers employ various encoding techniques to bypass basic filters. Simple URL encoding transforms ../ into %2e%2e%2f, while double encoding becomes %252e%252e%252f (encoding the percent sign itself). Other evasion methods include nested sequences like ....// (which become ../ after filter removal), null byte injection (%00 to truncate path validation), and OS-specific path separators (backslashes on Windows). Absolute paths like /etc/passwd may also work if the application doesn't enforce relative path constraints.

The typical attack flow begins with identifying input parameters that reference files—such as file=, path=, template=, or page=. The attacker then tests various traversal payloads to determine if path validation exists and what depth is needed to reach system files. Success means reading configuration files, credentials, source code, or even writing malicious files if the application allows file uploads or modifications.

Impact

  • Credential exposure: Access to configuration files containing database passwords, API keys, and authentication tokens
  • Source code disclosure: Reading application code reveals business logic, additional vulnerabilities, and hardcoded secrets
  • System file access: Retrieving /etc/passwd, /etc/shadow, or Windows SAM files for credential cracking
  • Configuration tampering: If write access exists, attackers modify settings or inject malicious code
  • Remote code execution: Writing web shells or executable files to web-accessible directories enables full system compromise

Real-World Examples

ZendTo file sharing application (CVE-2025-34508) contained a path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. The flaw existed in file retrieval functionality where user input directly influenced file path construction without adequate validation, exposing sensitive configuration data and potentially system files.

Web application frameworks frequently suffer from path traversal in template rendering engines. When applications allow users to specify template names or include files, insufficient validation permits attackers to read source code from other application modules or framework configuration files, revealing database credentials and session secrets.

File download features in content management systems represent another common vector. Applications that serve user-requested files from disk often fail to restrict paths properly, enabling attackers to download backup files, logs containing sensitive data, or administrative scripts that weren't intended for public access.

Mitigation

  • Avoid user input in file paths: Use indirect references like database IDs mapped to filenames on the server side
  • Canonicalize and validate: Convert paths to absolute canonical form, then verify they remain within the allowed base directory
  • Allowlist permitted files: Maintain an explicit list of accessible files rather than trying to blocklist malicious patterns
  • Chroot jails or sandboxing: Restrict application file system access to specific directories at the OS level
  • Strip dangerous sequences: Remove ../, ..\\, and encoded variants, though this alone is insufficient

Recent CVEs (7731)

EPSS 0% CVSS 4.9
MEDIUM This Month

There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arcgis Server
NVD
EPSS 0% CVSS 5.1
MEDIUM POC This Month

Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Path Traversal +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Proliz Software OBS allows Path Traversal.0927. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal.2.11. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Arbitrary file deletion in Helloprint WordPress plugin (versions up to 2.0.7) allows authenticated attackers with low privileges to delete critical system files via path traversal, potentially causing complete site unavailability. The CVSS 7.7 score reflects the Changed scope and High availability impact - an attacker can traverse directories to target files outside the plugin's intended boundary, triggering denial of service. EPSS score of 0.18% (40th percentile) indicates low current exploitation probability, and no active exploitation or public POC has been identified at time of analysis.

Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary file deletion in Helloprint WordPress plugin versions up to 2.0.7 allows remote unauthenticated attackers to delete critical files via path traversal, causing denial of service. CVSS 8.6 with Changed scope indicates impact beyond the vulnerable component. EPSS score of 0.19% (41st percentile) suggests low current exploitation probability. Reported by Patchstack audit team with technical details available in their vulnerability database.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Absolute path traversal in Sports Rankings and Lists WordPress plugin versions up to 1.0.2 allows unauthenticated remote attackers to read arbitrary files from the server filesystem. The vulnerability enables unauthorized access to sensitive configuration files, credentials, and source code without requiring authentication or user interaction. EPSS score of 0.25% suggests low probability of mass exploitation, and no public exploit code or active exploitation has been identified at time of analysis.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Path traversal in Delete Comments By Status (WordPress plugin) versions up to 2.1.1 enables remote attackers to include arbitrary PHP files from the local filesystem, potentially achieving remote code execution. Attack requires high complexity (AC:H) and user interaction (UI:R), limiting exploitation to social engineering scenarios. EPSS score of 0.18% (39th percentile) indicates low widespread exploitation probability. No active exploitation confirmed (not in CISA KEV), and no public POC identified at time of analysis.

PHP Path Traversal
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Path traversal in WizShop plugin versions through 3.0.2 enables remote attackers to include arbitrary PHP files from the local filesystem, potentially achieving remote code execution. Despite the high CVSS score (8.1), this vulnerability shows low real-world exploitation probability with EPSS at 0.22% (45th percentile). The attack complexity is rated HIGH (AC:H), requiring specific conditions to successfully exploit. No active exploitation confirmed; not listed in CISA KEV, and no public proof-of-concept identified at time of analysis.

PHP Path Traversal
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Oxidized Web
NVD GitHub
EPSS 4% CVSS 7.2
HIGH This Week

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

PwnDoc is a penetration test reporting application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Pwndoc
NVD GitHub
EPSS 22% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

PwnDoc is a penetration test reporting application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.6%.

RCE Path Traversal Pwndoc
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Cognos Analytics
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Path Traversal Cognos Analytics
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Privilege Escalation Xiq Se
NVD
EPSS 6% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH This Week

An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Sucms
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Entirex
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Car Dealer Automotive WordPress Theme - Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_post_photo() and add_car(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE +2
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Seacms
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM POC This Month

SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Path Traversal +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE Path Traversal +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Mautic
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Microsoft Path Traversal Localsend +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik allows PHP Local File Inclusion.1.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Path Traversal
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal.0.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal.2. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Path Traversal Moodle
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.01.2025. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD VulDB
EPSS 29% CVSS 9.9
CRITICAL PATCH Act Now

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 29.3% and no vendor patch available.

Path Traversal Mattermost Server Suse
NVD
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mattermost Server Suse
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in SourceCodester Best Church Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Best Church Management Software
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Online Nurse Hiring System
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH POC This Week

An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal White Jotter
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3.4.3.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dreamer Cms
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PostgreSQL Path Traversal Graphql Mesh Cli +1
NVD GitHub
EPSS 87% 5.4 CVSS 6.5
MEDIUM POC THREAT This Month

MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.8%.

Path Traversal
NVD GitHub
EPSS 1% CVSS 9.2
CRITICAL Act Now

Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.10.3, through 2023.11.1, through 2024.9. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Path Traversal Openpages With Watson
NVD
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Path Traversal Ghosts
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

crun is an open source OCI Container Runtime fully written in C. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Red Hat Suse
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Path Traversal +1
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Path Traversal +1
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper Paid Videochat Turnkey Site allows Path Traversal.2.12. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 1% CVSS 8.7
HIGH This Week

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal
NVD GitHub
EPSS 21% CVSS 5.7
MEDIUM POC THREAT This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls.1.1. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Epss exploitation probability 21.2% and no vendor patch available.

Path Traversal
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Information Disclosure PHP RCE +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Luxcal Web Calendar
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fahad Mahmood Keep Backup Daily allows Path Traversal.1.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Cmseasy
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Cmseasy
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal Bit Assist +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Feminer Wms
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Label Studio is an open source data labeling tool. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Power Hardware Management Console
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal Bit Assist
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure +3
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
EPSS 0% CVSS 4.5
MEDIUM This Month

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required. No vendor patch available.

RCE Path Traversal
NVD GitHub
EPSS 3% CVSS 8.1
HIGH This Week

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Path Traversal
NVD GitHub
EPSS 0% CVSS 2.7
LOW Monitor

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Path Traversal Active Backup For Business Agent
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Path Traversal Active Backup For Business Agent
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Path Traversal Active Backup For Business Agent
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 0% CVSS 3.5
LOW Monitor

A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an administrative user to access system files with the file. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
EPSS 1% CVSS 7.1
HIGH This Week

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Telerik Document Processing Libraries
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Telerik Ui For Winforms
NVD
EPSS 0% CVSS 8.3
HIGH This Week

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Telerik Document Processing Libraries
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Path Traversal
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
EPSS 2% CVSS 7.2
HIGH This Week

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Maxtime
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal File Upload Maxtime
NVD
EPSS 0% CVSS 5.1
MEDIUM POC This Month

Directory Traversal vulnerability in Ianproxy v.0.1 and before allows a remote attacker to obtain sensitive information. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lanproxy
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Path Traversal Commerce +2
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortimanager +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Cloud Services Appliance
NVD
EPSS 0% CVSS 8.6
HIGH This Week

SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Path Traversal
NVD
EPSS 55% CVSS 7.2
HIGH POC PATCH THREAT This Month

AnythingLLM prior to version 1.3.1 contains a path traversal vulnerability through non-ASCII filename handling in the multer library. The filename transformation introduces ../ sequences that enable arbitrary file write, leading to remote code execution on the LLM application server.

RCE Path Traversal Anythingllm
NVD GitHub
Prev Page 31 of 86 Next

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
7731

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy