Skip to main content

Path Traversal

web HIGH

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation.

How It Works

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation. Attackers inject special sequences like ../ (dot-dot-slash) to escape the intended directory and navigate to arbitrary locations in the file system. Each ../ sequence moves up one directory level, allowing an attacker to break out of a restricted folder and access sensitive files elsewhere on the server.

Attackers employ various encoding techniques to bypass basic filters. Simple URL encoding transforms ../ into %2e%2e%2f, while double encoding becomes %252e%252e%252f (encoding the percent sign itself). Other evasion methods include nested sequences like ....// (which become ../ after filter removal), null byte injection (%00 to truncate path validation), and OS-specific path separators (backslashes on Windows). Absolute paths like /etc/passwd may also work if the application doesn't enforce relative path constraints.

The typical attack flow begins with identifying input parameters that reference files—such as file=, path=, template=, or page=. The attacker then tests various traversal payloads to determine if path validation exists and what depth is needed to reach system files. Success means reading configuration files, credentials, source code, or even writing malicious files if the application allows file uploads or modifications.

Impact

  • Credential exposure: Access to configuration files containing database passwords, API keys, and authentication tokens
  • Source code disclosure: Reading application code reveals business logic, additional vulnerabilities, and hardcoded secrets
  • System file access: Retrieving /etc/passwd, /etc/shadow, or Windows SAM files for credential cracking
  • Configuration tampering: If write access exists, attackers modify settings or inject malicious code
  • Remote code execution: Writing web shells or executable files to web-accessible directories enables full system compromise

Real-World Examples

ZendTo file sharing application (CVE-2025-34508) contained a path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. The flaw existed in file retrieval functionality where user input directly influenced file path construction without adequate validation, exposing sensitive configuration data and potentially system files.

Web application frameworks frequently suffer from path traversal in template rendering engines. When applications allow users to specify template names or include files, insufficient validation permits attackers to read source code from other application modules or framework configuration files, revealing database credentials and session secrets.

File download features in content management systems represent another common vector. Applications that serve user-requested files from disk often fail to restrict paths properly, enabling attackers to download backup files, logs containing sensitive data, or administrative scripts that weren't intended for public access.

Mitigation

  • Avoid user input in file paths: Use indirect references like database IDs mapped to filenames on the server side
  • Canonicalize and validate: Convert paths to absolute canonical form, then verify they remain within the allowed base directory
  • Allowlist permitted files: Maintain an explicit list of accessible files rather than trying to blocklist malicious patterns
  • Chroot jails or sandboxing: Restrict application file system access to specific directories at the OS level
  • Strip dangerous sequences: Remove ../, ..\\, and encoded variants, though this alone is insufficient

Recent CVEs (7731)

EPSS 0% CVSS 4.3
MEDIUM This Month

Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Cmseasy
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure RCE Path Traversal +2
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Week

Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Explorer
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Week

Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Explorer
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal One Voice Operations Center
NVD
EPSS 21% CVSS 7.5
HIGH Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in efreja Music Sheet Viewer allows Path Traversal.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child Themes Helper allows Path Traversal.2.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal CSRF
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

A vulnerability has been identified in GoldPanKit eva-server v4.1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 4% CVSS 5.3
MEDIUM POC This Month

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal
NVD Exploit-DB
EPSS 51% 5.0 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

WhoDB open-source database management tool allows unauthenticated path traversal to access any SQLite3 database on the host machine. Beyond data exposure, affected versions enable reading sensitive system files and executing arbitrary commands through SQLite extensions, achieving full server compromise.

Path Traversal Whodb Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The Post and Page Builder by BoldGrid - Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal Post And Page Builder +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal App Connect Enterprise
NVD
EPSS 4% CVSS 9.8
CRITICAL This Week

Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Asterisk
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM This Month

A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Discourse is an open source platform for community discussion. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Discourse
NVD GitHub
EPSS 19% CVSS 5.9
MEDIUM POC PATCH THREAT This Month

Vitest is a testing framework powered by Vite. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 18.8%.

Path Traversal Vitest
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Month

A security issue was found in Sparkle before version 2.6.4. Rated high severity (CVSS 7.3).

Information Disclosure Path Traversal Sparkle +3
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Path Traversal Doris
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Path Traversal +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Admiror Gallery
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

org.gaul S3Proxy implements the S3 API and proxies requests. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Month

Jellystat is a free and open source Statistics App for Jellyfin. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Month

ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Chestnutcms
NVD
EPSS 1% CVSS 7.5
HIGH This Month

Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Chestnutcms
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal.0.8.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder allows Path Traversal.7.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound WP Cloud allows Absolute Path Traversal.4.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in CmsEasy 7.7.7.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Cmseasy
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Jupiter X Core +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Month

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Path Traversal +1
NVD
EPSS 0% CVSS 9.6
CRITICAL This Week

Dumb Drop is a file upload application. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Path Traversal
NVD GitHub
EPSS 7% CVSS 7.5
HIGH POC This Month

An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Openpanel
NVD Exploit-DB
EPSS 6% CVSS 9.1
CRITICAL POC Act Now

An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Openpanel
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL This Week

The MultiVendorX - The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Path Traversal +3
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Juju
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM This Month

Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sante Pacs Server
NVD
EPSS 1% CVSS 4.3
MEDIUM Monitor

Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sante Pacs Server
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Path Traversal
NVD
EPSS 59% 4.4 CVSS 5.7
MEDIUM POC THREAT This Month

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 58.6%.

Path Traversal Voyager
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.1 via the read_score_file() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal
NVD
EPSS 31% CVSS 9.3
CRITICAL PATCH This Week

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.7% and no vendor patch available.

Java Path Traversal
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

A vulnerability was found in CRI-O. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Red Hat +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Node.js Path Traversal +3
NVD
EPSS 1% CVSS 7.5
HIGH POC This Month

CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cmsimple
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM POC PATCH This Month

Cacti is an open source performance and fault management framework. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Cacti Suse
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Path Traversal vulnerability in MORKVA Morkva UA Shipping allows PHP Local File Inclusion.0.18. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal PHP
NVD
EPSS 13% CVSS 5.4
MEDIUM PATCH This Month

Relative Path Traversal vulnerability in Apache Solr. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.5% and no vendor patch available.

Microsoft Apache Path Traversal +2
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Cloud Pak System
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Week

The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Abc Notation
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Path Traversal Bootplus
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders WP Ultimate Exporter allows Absolute Path Traversal.9. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound Store Locator allows PHP Local File Inclusion.98.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Path Traversal
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

The Post Grid, Slider & Carousel Ultimate - with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Information Disclosure Path Traversal +3
NVD
EPSS 2% CVSS 9.8
CRITICAL This Week

The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Path Traversal +5
NVD
EPSS 2% CVSS 8.7
HIGH This Month

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fcrepo
NVD GitHub
EPSS 1% CVSS 7.6
HIGH This Month

A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Workplace Suite
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Month

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Path Traversal Kubernetes Gateway +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

BigFix Patch Download Plug-ins are affected by path traversal vulnerability. Rated medium severity (CVSS 5.3). No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound XLSXviewer allows Path Traversal.1.1. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 1% CVSS 7.1
HIGH POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Yeswiki
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Input validation vulnerability in Qualifio's Wheel of Fortune. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Input validation vulnerability in Qualifio's Wheel of Fortune. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Maximo Asset Management
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Path Traversal +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal Eventer
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Infosphere Information Server
NVD
EPSS 14% CVSS 5.5
MEDIUM This Month

An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.3% and no vendor patch available.

PHP Path Traversal
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Privilege escalation via path traversal affects multiple Fortinet appliances - FortiWeb (6.4, 7.0, 7.2, 7.4.0-7.4.4, 7.6.0), FortiVoice (6.0, 6.4.0-6.4.9, 7.0.0-7.0.4), and FortiRecorder (7.0.0-7.0.4, 7.2.0-7.2.1) - where an attacker sends specially crafted packets that break out of a restricted directory to gain elevated privileges. Fortinet PSIRT scores this CVSS 9.1 with no confidentiality impact but high integrity and availability impact, reflecting a management-plane compromise rather than data theft. There is no public exploit identified at time of analysis and EPSS is modest (0.39%, 60th percentile), so exploitation is not yet observed at scale.

Fortinet Path Traversal Fortirecorder +2
NVD
EPSS 94% 7.3 CVSS 7.5
HIGH POC KEV THREAT Act Now

SimpleHelp remote support software contains multiple path traversal vulnerabilities allowing unauthenticated remote attackers to download arbitrary files including server configuration and hashed passwords.

Path Traversal Simplehelp
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A path handling issue was addressed with improved logic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Path Traversal
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.2.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP Elementor
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Johan Ström Background Control allows Path Traversal.0.5. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Path Traversal
NVD
EPSS 93% 7.7 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Ivanti Endpoint Manager contains a third absolute path traversal vulnerability for unauthenticated information disclosure, completing the triple path traversal set in the January 2025 security update.

Ivanti Path Traversal Endpoint Manager
NVD
EPSS 93% 7.8 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Ivanti Endpoint Manager contains a second absolute path traversal vulnerability for unauthenticated information disclosure, part of the triple path traversal affecting EPM's January 2025 security update.

Ivanti Path Traversal Endpoint Manager
NVD
EPSS 94% 7.8 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Ivanti Endpoint Manager contains an absolute path traversal vulnerability allowing unauthenticated remote attackers to leak sensitive information from the EPM server, one of three related Ivanti EPM path traversal CVEs.

Ivanti Path Traversal Endpoint Manager
NVD
EPSS 21% CVSS 7.2
HIGH PATCH This Month

An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.5%.

RCE Ivanti Path Traversal +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Arbitrary file write outside the intended destination in rsync's client-side `--safe-links` handling allows a malicious or compromised rsync server to bypass the symlink safety check via a path-traversal flaw (CWE-22). The client fails to recursively verify whether a symbolic-link target supplied by the server itself contains a nested symlink, so a controlled server can place files anywhere the rsync process can write. A detailed advisory was published by Google's security-research team (GHSA-p5pg-x43v-mvqj) as part of the January 2025 rsync vulnerability cluster, but the issue is not in CISA KEV and no public exploit identified at time of analysis; EPSS is moderate at 2.89% (86th percentile).

Path Traversal Rsync Discovery +17
NVD GitHub VulDB
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Server-to-client path traversal in rsync lets a malicious or compromised rsync server write files outside the client's intended destination directory by abusing the `--inc-recursive` incremental-recursion mode. Because the server can negotiate `--inc-recursive` even when the client does not request it, missing symlink validation combined with per-file-list deduplication allows arbitrary file placement on the connecting client. Publicly available exploit code exists, EPSS is 3.19% (87th percentile), and Red Hat has shipped fixes, but it is not currently listed in CISA KEV.

Path Traversal Rsync Almalinux +15
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Path Traversal +1
NVD
EPSS 1% CVSS 7.3
HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
EPSS 3% CVSS 7.5
HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
EPSS 1% CVSS 7.3
HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Path Traversal Endpoint Manager
NVD
Prev Page 32 of 86 Next

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
7731

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy