Skip to main content

Path Traversal

web HIGH

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation.

How It Works

Path traversal exploits occur when applications use user-controlled input to construct file system paths without proper validation. Attackers inject special sequences like ../ (dot-dot-slash) to escape the intended directory and navigate to arbitrary locations in the file system. Each ../ sequence moves up one directory level, allowing an attacker to break out of a restricted folder and access sensitive files elsewhere on the server.

Attackers employ various encoding techniques to bypass basic filters. Simple URL encoding transforms ../ into %2e%2e%2f, while double encoding becomes %252e%252e%252f (encoding the percent sign itself). Other evasion methods include nested sequences like ....// (which become ../ after filter removal), null byte injection (%00 to truncate path validation), and OS-specific path separators (backslashes on Windows). Absolute paths like /etc/passwd may also work if the application doesn't enforce relative path constraints.

The typical attack flow begins with identifying input parameters that reference files—such as file=, path=, template=, or page=. The attacker then tests various traversal payloads to determine if path validation exists and what depth is needed to reach system files. Success means reading configuration files, credentials, source code, or even writing malicious files if the application allows file uploads or modifications.

Impact

  • Credential exposure: Access to configuration files containing database passwords, API keys, and authentication tokens
  • Source code disclosure: Reading application code reveals business logic, additional vulnerabilities, and hardcoded secrets
  • System file access: Retrieving /etc/passwd, /etc/shadow, or Windows SAM files for credential cracking
  • Configuration tampering: If write access exists, attackers modify settings or inject malicious code
  • Remote code execution: Writing web shells or executable files to web-accessible directories enables full system compromise

Real-World Examples

ZendTo file sharing application (CVE-2025-34508) contained a path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. The flaw existed in file retrieval functionality where user input directly influenced file path construction without adequate validation, exposing sensitive configuration data and potentially system files.

Web application frameworks frequently suffer from path traversal in template rendering engines. When applications allow users to specify template names or include files, insufficient validation permits attackers to read source code from other application modules or framework configuration files, revealing database credentials and session secrets.

File download features in content management systems represent another common vector. Applications that serve user-requested files from disk often fail to restrict paths properly, enabling attackers to download backup files, logs containing sensitive data, or administrative scripts that weren't intended for public access.

Mitigation

  • Avoid user input in file paths: Use indirect references like database IDs mapped to filenames on the server side
  • Canonicalize and validate: Convert paths to absolute canonical form, then verify they remain within the allowed base directory
  • Allowlist permitted files: Maintain an explicit list of accessible files rather than trying to blocklist malicious patterns
  • Chroot jails or sandboxing: Restrict application file system access to specific directories at the OS level
  • Strip dangerous sequences: Remove ../, ..\\, and encoded variants, though this alone is insufficient

Recent CVEs (7733)

EPSS 1% CVSS 7.5
HIGH POC This Week

IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file name parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ip Guard
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Bert-VITS2 is the VITS2 Backbone with multilingual bert. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Bert Vits2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Librechat
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability classified as problematic was found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Wuhu
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 8% CVSS 8.2
HIGH POC This Week

An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Bazarr
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Kubernetes +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Kubernetes +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP WordPress +1
NVD WPScan
EPSS 1% CVSS 8.3
HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Access Rights Manager
NVD
EPSS 2% CVSS 8.3
HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Information Disclosure +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Access Rights Manager
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Access Rights Manager
NVD
EPSS 19% CVSS 8.0
HIGH This Week

SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Access Rights Manager
NVD
EPSS 3% CVSS 8.3
HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Access Rights Manager
NVD
EPSS 3% CVSS 8.8
HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Information Disclosure +1
NVD
EPSS 3% CVSS 8.8
HIGH This Week

SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Access Rights Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho File Upload +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Network Edgiot Gw1500 Firmware
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Path Traversal Dap 1650 Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Seacms
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 via the 'uploadpath' parameter of the wordpress_file_upload shortcode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

File Upload Path Traversal WordPress +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute arbitrary code via the webtool\application.py component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Easyspider
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Datacap +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Storage Concentrator
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Booking Ultra Pro allows PHP Local File Inclusion.1.13. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Blue Plugins Events Calendar for Google allows PHP Local File Inclusion.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Google PHP
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Solara is a pure Python, React-style framework for scaling Jupyter and web apps. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Solara
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Milan Petrovic GD Rating System allows PHP Local File Inclusion.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor.5.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DynamicWebLab WordPress Team Manager allows PHP Local File Inclusion.1.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP WordPress
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation.4.4. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NooTheme Jobmonster allows File Manipulation.7.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Foxrtu Station
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Oit700 F113 B12 Cb Firmware +3
NVD
EPSS 3% CVSS 8.8
HIGH This Week

The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Pingfederate
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Phpvibe
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.2.27. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Wpcafe
NVD
EPSS 1% CVSS 8.5
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginsWare Advanced Classifieds & Directory Pro allows Path Traversal.1.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Path Traversal.4.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress Online Booking Scheduling Calendar
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetThemeCore jet-theme-core.2.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
EPSS 1% CVSS 4.9
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.3.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Beaver Builder Addons
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows Path Traversal.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ultimate Bootstrap Elements For Elementor
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AWSM Innovations AWSM Team allows Path Traversal.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Awsm Team
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets - Elementor Addons allows Path Traversal.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cowidgets
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in kaptinlin Striking allows Path Traversal.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Striking
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.7.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Tutor Lms
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in smartypants SP Project & Document Manager.71. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sp Project Document Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selected_button' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Path Traversal +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Elementor Addons
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via the component /tcpdump/tcpdump.php?menu_uuid. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD GitHub
EPSS 17% CVSS 9.4
CRITICAL POC THREAT Act Now

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb Path Traversal Information Disclosure +19
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Path Traversal Information Disclosure +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Supos
NVD GitHub
EPSS 51% CVSS 9.9
CRITICAL PATCH Act Now

Gogs through 0.13.0 allows deletion of internal files. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Gogs
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.4 via several of the plugin's widgets through the 'style'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Path Traversal +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ghostscript
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

The vulnerability allows an attacker to access sensitive files on the server by confusing the agent with incorrect file names. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Vulnerability in Delinea Centrify PAS v. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Privileged Access Service
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Vulnerability in Delinea Centrify PAS v. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Privileged Access Service
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

PHP Information Disclosure Path Traversal +4
NVD
EPSS 13% CVSS 7.5
HIGH POC THREAT This Week

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Path Traversal Microsoft
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

GeoServer is an open source server that allows users to share and edit geospatial data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Tomcat Path Traversal Apache +2
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and cause a Denial of Service (DoS). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Devika
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 10% CVSS 9.8
CRITICAL POC THREAT Emergency

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Lollms Web Ui
NVD
EPSS 1% CVSS 7.3
HIGH This Week

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Chuanhuchatgpt
NVD GitHub
EPSS 1% CVSS 8.6
HIGH This Week

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Pytorch Lightning
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

RCE Path Traversal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Path Traversal Devika
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Devika
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Data Domain Operating System
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Whatsup Gold
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Whatsup Gold
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Whatsup Gold
NVD
EPSS 99% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Whatsup Gold
NVD
EPSS 0% CVSS 7.7
HIGH POC This Week

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Path Traversal Lollms Web Ui
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal WordPress
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a crafted request to a public endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Sharepoint Bulk File Download
NVD
Prev Page 39 of 86 Next

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
7733

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy