CWE-23: Relative Path Traversal
395 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-23 (page 7 of 8)
- CVE-2025-43016 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-04-25
In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session
- CVE-2025-44163 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-06-27
RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary file…
- CVE-2025-46002 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-07-18
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.
- CVE-2025-46363 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-10-30
Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enable…
- CVE-2025-46433 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-04-25
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
- CVE-2025-47445 | HIGH | CVSS 7.5 | EG 7.5 | 2025-05-14
Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal. This issue affects Eventin: from n/a through <= 4.0.26.
- CVE-2025-47788 | CRITICAL | CVSS 9.4 | EG 0.0 | 2025-05-15
Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary file…
- CVE-2025-48817 | HIGH | CVSS 8.8 | EG 8.8 | 2025-07-08
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- CVE-2025-48957 | HIGH | CVSS 7.5 | EG 7.5 | 2025-06-02
AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and oth…
- CVE-2025-48977 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-05-28
Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 thr…
- CVE-2025-49466 | MEDIUM | CVSS 5.8 | EG 5.8 | 2025-06-05
aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
- CVE-2025-51052 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-08-06
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.
- CVE-2025-52207 | CRITICAL | CVSS 9.9 | EG 9.9 | 2025-06-27
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.
- CVE-2025-52922 | HIGH | CVSS 7.4 | EG 7.4 | 2025-06-23
Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: (1) fully map the filesystem structure via the /api/file_manager/files?base_fold…
- CVE-2025-53082 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-07-29
An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
- CVE-2025-53609 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-09-09
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying syste…
- CVE-2025-53779 | HIGH | CVSS 7.2 | EG 7.2 | 2025-08-12
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
- CVE-2025-54317 | HIGH | CVSS 8.4 | EG 8.4 | 2025-07-20
An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE).
- CVE-2025-54531 | HIGH | CVSS 7.7 | EG 7.7 | 2025-07-28
In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
- CVE-2025-55013 | MEDIUM | CVSS 4.2 | EG 4.2 | 2025-08-09
The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value re…
- CVE-2025-55115 | HIGH | CVSS 8.8 | EG 8.8 | 2025-09-16
A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and poten…
- CVE-2025-55202 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-08-29
Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, s…
- CVE-2025-55747 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-09-03
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.…
- CVE-2025-55748 | HIGH | CVSS 7.5 | EG 7.5 | 2025-09-03
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access …
- CVE-2025-55752 | HIGH | CVSS 7.5 | EG 7.5 | 2025-10-27
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that r…
- CVE-2025-57403 | HIGH | CVSS 7.5 | EG 7.5 | 2025-12-26
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows d…
- CVE-2025-58078 | HIGH | CVSS 7.5 | EG 7.5 | 2025-10-23
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files…
- CVE-2025-58429 | HIGH | CVSS 7.5 | EG 7.5 | 2025-10-23
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary…
- CVE-2025-58456 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-10-23
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitra…
- CVE-2025-58463 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-11-07
A relative path traversal vulnerability has been reported to affect Download Station. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We…
- CVE-2025-58464 | HIGH | CVSS 7.5 | EG 7.5 | 2025-11-07
A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in…
- CVE-2025-58467 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-11
A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already…
- CVE-2025-58752 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-09-08
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server …
- CVE-2025-58760 | HIGH | CVSS 8.6 | EG 8.6 | 2025-09-09
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `/image` API endpoint in Tautulli v2.15.3 and earlier is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the a…
- CVE-2025-59336 | MEDIUM | CVSS 6.9 | EG 0.0 | 2025-09-16
Luanox is a module host for Lua packages. Prior to 0.1.1, a file traversal vulnerability can cause potential denial of service by overwriting Phoenix runtime files. Package names like ../../package are not properly filtered and pass the va…
- CVE-2025-59341 | HIGH | CVSS 7.7 | EG 0.0 | 2025-09-17
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the serve…
- CVE-2025-59456 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-17
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
- CVE-2025-59682 | LOW | CVSS 3.1 | EG 3.1 | 2025-10-01
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory t…
- CVE-2025-59776 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-10-23
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary…
- CVE-2025-59835 | HIGH | CVSS 8.6 | EG 0.0 | 2025-10-02
LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not…
- CVE-2025-60020 | MEDIUM | CVSS 6.4 | EG 6.4 | 2025-09-24
nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving via a crafted path in packet data.
- CVE-2025-60023 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-10-23
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary…
- CVE-2025-62187 | LOW | CVSS 2.9 | EG 2.9 | 2025-10-07
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder).
- CVE-2025-62498 | HIGH | CVSS 8.8 | EG 8.8 | 2025-10-23
A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine wh…
- CVE-2025-62552 | HIGH | CVSS 7.8 | EG 7.8 | 2025-12-09
Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.
- CVE-2025-64446 | CRITICAL | CVSS 9.8 | EG 9.8 | KEV | 2025-11-14
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute adm…
- CVE-2025-64714 | MEDIUM | CVSS 5.8 | EG 5.8 | 2025-11-13
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If `templateselect…
- CVE-2025-64757 | LOW | CVSS 3.5 | EG 3.5 | 2025-11-19
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affe…
- CVE-2025-66386 | MEDIUM | CVSS 4.1 | EG 4.1 | 2025-11-28
app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.
- CVE-2025-66626 | HIGH | CVSS 8.1 | EG 8.1 | 2025-12-09
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives.…