CWE-23: Relative Path Traversal
395 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-23 (page 4 of 8)
- CVE-2023-47613 | MEDIUM | CVSS 4.4 | EG 4.4 | 2023-11-09
A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape…
- CVE-2023-4897 | CRITICAL | CVSS 9.8 | EG 8.7 | 2023-09-11
Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
- CVE-2023-4914 | HIGH | CVSS 7.5 | EG 7.5 | 2023-09-12
Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1.
- CVE-2023-49801 | MEDIUM | CVSS 4.2 | EG 4.2 | 2024-01-12
Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that t…
- CVE-2023-50255 | CRITICAL | CVSS 9.3 | EG 9.3 | 2023-12-27
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening …
- CVE-2023-5189 | MEDIUM | CVSS 6.3 | EG 6.3 | 2023-11-14
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in f…
- CVE-2023-6307 | MEDIUM | CVSS 6.3 | EG 6.3 | 2023-11-27
A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path …
- CVE-2023-6722 | HIGH | CVSS 7.5 | EG 7.5 | 2023-12-13
A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code …
- CVE-2023-6825 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-03-13
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager…
- CVE-2024-0335 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-03
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst). This issue affects Symphony P…
- CVE-2024-0549 | HIGH | CVSS 8.1 | EG 8.1 | 2024-04-16
mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythin…
- CVE-2024-0550 | MEDIUM | CVSS 6.5 | EG 9.6 | 2024-02-28
A user who is already privileged (`manager` or `admin`) can set their profile picture via the frontend API using a relative filepath to then use the PFP GET API to download any valid files. The attacker would have to have been granted priv…
- CVE-2024-10019 | MEDIUM | CVSS 6.7 | EG 6.3 | 2025-03-20
A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. The function does not properly sanitize the `app_name` parameter, enabling an attacker to uplo…
- CVE-2024-10200 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-21
Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server.
- CVE-2024-10513 | HIGH | CVSS 7.2 | EG 7.2 | 2025-03-20
A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'manager' role to access and manipulate th…
- CVE-2024-11067 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-11
The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the…
- CVE-2024-11309 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-18
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
- CVE-2024-11310 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-18
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
- CVE-2024-11311 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-11-18
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploa…
- CVE-2024-11312 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-11-18
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploa…
- CVE-2024-11313 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-11-18
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploa…
- CVE-2024-11314 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-11-18
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploa…
- CVE-2024-11315 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-11-18
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploa…
- CVE-2024-12019 | HIGH | CVSS 7.1 | EG 0.0 | 2025-03-14
The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with ‘read’ and ‘download’ privileges on …
- CVE-2024-12482 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-12
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\wetech-basic-common\src\main\java\tech\wetech\basic\util\BackupFileUtil…
- CVE-2024-12642 | HIGH | CVSS 8.1 | EG 8.1 | 2024-12-16
TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the AP…
- CVE-2024-12645 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-12-16
The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs,…
- CVE-2024-12897 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-23
A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web I…
- CVE-2024-13130 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-05
A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 …
- CVE-2024-13791 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-02-14
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. This makes it possible for authenticated attackers, with Administrator-level access and ab…
- CVE-2024-20310 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-04-03
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authentica…
- CVE-2024-20352 | MEDIUM | CVSS 4.9 | EG 4.9 | 2024-04-03
A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is du…
- CVE-2024-20449 | HIGH | CVSS 8.8 | EG 8.8 | 2024-10-02
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. …
- CVE-2024-2053 | HIGH | CVSS 7.5 | EG 7.5 | 2024-03-21
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The…
- CVE-2024-22096 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-02-02
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system.
- CVE-2024-22226 | LOW | CVSS 3.3 | EG 3.3 | 2024-02-12
Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on t…
- CVE-2024-22398 | MEDIUM | CVSS 4.9 | EG 4.9 | 2024-03-14
An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and de…
- CVE-2024-22415 | HIGH | CVSS 7.3 | EG 7.3 | 2024-01-18
jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file s…
- CVE-2024-22421 | HIGH | CVSS 7.6 | EG 7.6 | 2024-01-19
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens expo…
- CVE-2024-2318 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-03-08
A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the …
- CVE-2024-24578 | CRITICAL | CVSS 10.0 | EG 10.0 | 2024-03-18
RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains an unauthenticated remote code execution (RCE) vulnerability, caused by multiple iss…
- CVE-2024-2461 | MEDIUM | CVSS 6.9 | EG 0.0 | 2024-06-11
If exploited, an attacker could traverse the file system to access files or directories that would otherwise be inaccessible.
- CVE-2024-24938 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-02-06
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
- CVE-2024-24940 | LOW | CVSS 2.8 | EG 2.8 | 2024-02-06
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
- CVE-2024-24942 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-02-06
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
- CVE-2024-25944 | MEDIUM | CVSS 5.7 | EG 5.7 | 2024-03-29
Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesyste…
- CVE-2024-27199 | HIGH | CVSS 7.3 | EG 9.0 | ⚠ KEV | 2024-03-04
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
- CVE-2024-27770 | HIGH | CVSS 8.8 | EG 8.8 | 2024-03-18
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal
- CVE-2024-30010 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-14
Windows Hyper-V Remote Code Execution Vulnerability
- CVE-2024-3025 | CRITICAL | CVSS 9.9 | EG 9.9 | 2024-04-10
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to refe…