CVE Daily
← All tags

Tag: Path Traversal

All CVEs associated with "Path Traversal". Page 16/72 • 8591 CVEs.

Subscribe CVEs: RSS for “Path Traversal”  ·  RSS (High+Critical only)

About “Path Traversal”

A curated feed of “Path Traversal”-related CVEs appears below. We currently track 8591 CVEs for this tag (all time). In the last 365 days, 1471 were published. Average CVSS is 6.8 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-35 - Path Traversal: '.../...//'.

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-02-04
High

CVE-2025-22205

Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.

CVSS: 7.5 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
2025-02-03
High

CVE-2025-24960

Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the route(s). This can lead to Path Traversal Vulnerabilities. Since…

CVSS: 8.7 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-57451

ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-57669

Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2025-24605

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RealMag777 WOLF bulk-editor allows Path Traversal.This issue affects WOLF: from n/a through <= 1.0.8.5.

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2025-24569

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder pdf-generator-addon-for-elementor-page-…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2025-23819

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Marco Milesi WP Cloud cloud allows Absolute Path Traversal.This issue affects WP Cloud: from n/a throug…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2025-0973

A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=dat…

CVSS: 5.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-02-01
Medium

CVE-2025-0365

The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-51534

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unaut…

CVSS: 7.1 CWE: CWE-29 - Path Traversal: '..filename' View on NVD
2025-01-31
Critical

CVE-2025-24891

Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as…

CVSS: 9.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-53582

An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-53537

An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.

CVSS: 9.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-30
Medium

CVE-2025-0573

Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2025-0572

Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-55415

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.

CVSS: 5.7 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-29
Critical

CVE-2025-0851

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.

CVSS: 9.8 CWE: CWE-36 - Absolute Path Traversal View on NVD
2025-01-28
High

CVE-2025-0659

A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character sequence in the body of the vulnerable endpoint, it is possibl…

CVSS: 7.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-0750

A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to u…

CVSS: 6.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-27
High

CVE-2025-24685

Path Traversal: '.../...//' vulnerability in Ihor Kit Morkva UA Shipping morkva-ua-shipping allows PHP Local File Inclusion.This issue affects Morkva UA Shipping: from n/a through <= 1.0.18.

CVSS: 8.1 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
Medium

CVE-2024-52012

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload"…

CVSS: 5.4 CWE: CWE-23 - Relative Path Traversal View on NVD
2025-01-25
Medium

CVE-2024-13550

The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authent…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-24
Medium

CVE-2025-0703

A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/m…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2025-24611

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows Absolute Path Traversal.This issue a…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2025-23422

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in moaluko Store Locator store-locator allows PHP Local File Inclusion.This issue affects Store Locator: f…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-23
High

CVE-2025-23011

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JS…

CVSS: 8.8 CWE: CWE-23 - Relative Path Traversal View on NVD
High

CVE-2025-24030

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack…

CVSS: 7.1 CWE: CWE-419 - Unprotected Primary Channel View on NVD
Medium

CVE-2024-42187

BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal att…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-22
Medium

CVE-2025-23562

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pitinca XLSXviewer xlsx-viewer allows Path Traversal.This issue affects XLSXviewer: from n/a through <=…

CVSS: 5.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-17
Medium

CVE-2024-10799

The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authentic…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-16
Medium

CVE-2024-57784

An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal.

CVSS: 5.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-48885

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 throu…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-15
High

CVE-2024-57727

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleH…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2025-22786

Path Traversal: '.../...//' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows PHP Local File Inclusion.This issue affects ElementInvader…

CVSS: 7.5 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
High

CVE-2025-22784

Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control background-control allows Path Traversal.This issue affects Background Control: from n/a through <= 1.0.5.

CVSS: 8.6 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2025-01-14
Critical

CVE-2024-13161

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS: 9.8 CWE: CWE-36 - Absolute Path Traversal View on NVD
Critical

CVE-2024-13160

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS: 9.8 CWE: CWE-36 - Absolute Path Traversal View on NVD
Critical

CVE-2024-13159

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS: 9.8 CWE: CWE-36 - Absolute Path Traversal View on NVD
Medium

CVE-2024-12088

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-13181

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.

CVSS: 7.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-13180

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-13179

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.

CVSS: 7.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-10811

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS: 9.8 CWE: CWE-36 - Absolute Path Traversal View on NVD
Medium

CVE-2025-0461

A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-39787

Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An atta…

CVSS: 9.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-39786

Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An atta…

CVSS: 9.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-48884

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-47566

A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete…

CVSS: 5.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-46664

A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or…

CVSS: 5.5 CWE: CWE-23 - Relative Path Traversal View on NVD
High

CVE-2024-36512

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.…

CVSS: 7.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-33502

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-32115

A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via…

CVSS: 5.5 CWE: CWE-23 - Relative Path Traversal View on NVD
Medium

CVE-2024-12083

Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code…

CVSS: 6.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-13
High

CVE-2023-42232

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2023-42229

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service.

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-42227

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-42226

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-42225

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2025-0401

A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The ma…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-11
Medium

CVE-2025-0390

A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The ma…

CVSS: 5.3 CWE: CWE-23 - Relative Path Traversal View on NVD
2025-01-09
Medium

CVE-2024-12806

A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.

CVSS: 4.9 CWE: CWE-37 - Path Traversal: '/absolute/pathname/here' View on NVD
2025-01-08
High

CVE-2025-22130

Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-9939

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated at…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-10585

The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. This makes i…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2023-52953

Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVSS: 6.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-07
High

CVE-2024-12430

An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-124…

CVSS: 7.0 CWE: CWE-280 - Improper Handling of Insufficient Permissions or Privileges View on NVD
High

CVE-2025-21623

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which resul…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2025-21622

ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Low

CVE-2024-12425

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitr…

CVSS: 3.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-56286

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in webcodingplace Classic Addons – WPBakery Page Builder classic-addons-wpbakery-page-builder-addons allow…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-49249

Path Traversal: '.../...//' vulnerability in SMSA Express SMSA Shipping smsa-shipping-official allows Path Traversal.This issue affects SMSA Shipping: from n/a through <= 2.3.

CVSS: 8.6 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
Medium

CVE-2024-12719

The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to,…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-12152

The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-01-05
Medium

CVE-2025-0225

A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/…

CVSS: 4.3 CWE: CWE-23 - Relative Path Traversal View on NVD
Medium

CVE-2024-13130

A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality…

CVSS: 4.3 CWE: CWE-23 - Relative Path Traversal View on NVD
2025-01-03
High

CVE-2024-56324

GoCD is a continuous deliver server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse ability to edit the raw XML configuration for groups they administer to trigger XML External…

CVSS: 7.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2025-01-02
Medium

CVE-2024-56248

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Path Traversal.This issue affects WPMasterToolKit: fr…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-12-31
Critical

CVE-2024-56198

path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vuln…

CVSS: 9.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-56045

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.

CVSS: 9.3 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
High

CVE-2024-56214

Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro: from n/a through <= 5.1.9.

CVSS: 8.3 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
Medium

CVE-2024-56213

Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.7.

CVSS: 6.5 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
2024-12-30
High

CVE-2024-11944

iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-12-28
High

CVE-2023-7263

Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability…

CVSS: 7.3 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
2024-12-27
High

CVE-2024-54453

An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. A path traversal vulnerability in the DocServlet servlet allows remote att…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-54452

An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote att…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-56509

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perf…

CVSS: 8.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-12-26
High

CVE-2023-7300

Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.(Vulnerabil…

CVSS: 8.0 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
2024-12-24
Medium

CVE-2024-12850

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_do…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-12-23
High

CVE-2024-53961

ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file syst…

CVSS: 8.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-12897

A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Co…

CVSS: 4.3 CWE: CWE-23 - Relative Path Traversal View on NVD
2024-12-21
Medium

CVE-2024-12875

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download…

CVSS: 4.9 CWE: CWE-73 - External Control of File Name or Path View on NVD
2024-12-20
Low

CVE-2024-12014

Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system vi…

CVSS: 2.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-12830

Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG…

CVSS: 7.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-12-19
High

CVE-2024-38819

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-12793

A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2021-26102

A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted…

CVSS: 9.8 CWE: CWE-305 - Authentication Bypass by Primary Weakness View on NVD
2024-12-18
High

CVE-2024-56055

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2.

CVSS: 8.5 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
High

CVE-2024-56049

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2.

CVSS: 8.5 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
Critical

CVE-2023-34990

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.

CVSS: 9.8 CWE: CWE-23 - Relative Path Traversal View on NVD
High

CVE-2024-21547

Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-12-17
Medium

CVE-2024-56142

pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-12-16
Medium

CVE-2024-54382

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Path Traversal.This issue affects Bold Page Build…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-54380

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Filippo Bodei WP Cookies Enabler wp-cookies-enabler allows PHP Local File Inclusion.This issue affects…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-54375

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Woolook woolook allows PHP Local File Inclusion.This issue affects Woolook: from n/a through <= 1…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-54374

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Sogrid sogrid allows PHP Local File Inclusion.This issue affects Sogrid: from n/a through <= 1.5.…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-54373

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chris Gardenberg EduAdmin Booking eduadmin-booking allows PHP Local File Inclusion.This issue affects E…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-12362

A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice lea…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-12646

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to…

CVSS: 8.1 CWE: CWE-36 - Absolute Path Traversal View on NVD
Medium

CVE-2024-12645

The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to t…

CVSS: 6.5 CWE: CWE-23 - Relative Path Traversal View on NVD
High

CVE-2024-12644

The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lac…

CVSS: 7.1 CWE: CWE-36 - Absolute Path Traversal View on NVD
High

CVE-2024-12643

The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to…

CVSS: 8.1 CWE: CWE-36 - Absolute Path Traversal View on NVD
High

CVE-2024-12642

TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due t…

CVSS: 8.1 CWE: CWE-23 - Relative Path Traversal View on NVD
2024-12-13
Medium

CVE-2024-54313

Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25.

CVSS: 6.5 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
Medium

CVE-2024-54259

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Path Traversal.This issue affects DELUCKS SEO: from n/a through…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-11834

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

CVSS: 9.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-11833

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

CVSS: 9.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-12-12
High

CVE-2024-21575

ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension…

CVSS: 8.6 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD
High

CVE-2024-55658

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to mani…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-55587

python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD