CWE-23
Relative Path Traversal
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-139 · CAPEC-76
CVEs mapped to this weakness (193)
page 1 of 10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-27199 | Hig | 0.73 | 7.3 | 1.00 | KEV | Mar 4, 2024 | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible | |
| CVE-2023-6825 | Cri | 0.70 | 9.9 | 0.06 | Mar 13, 2024 | The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function.… | ||
| CVE-2026-8326 | Cri | 0.65 | — | 0.00 | May 29, 2026 | Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability… | ||
| CVE-2023-3941 | Cri | 0.65 | 10.0 | 0.01 | May 21, 2024 | Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the… | ||
| CVE-2012-6069 | Cri | 0.65 | 10.0 | 0.03 | Jan 21, 2013 | The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the … | ||
| CVE-2025-62878 | — | Cri | 0.64 | 9.9 | 0.01 | Feb 25, 2026 | A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. | |
| CVE-2025-3365 | — | Cri | 0.64 | 9.8 | 0.01 | Jun 6, 2025 | A missing protection against path traversal allows to access any file on the server. | |
| CVE-2025-23410 | Cri | 0.64 | 9.8 | 0.01 | Mar 5, 2025 | When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types. | ||
| CVE-2017-9664 | Cri | 0.64 | 9.8 | 0.03 | May 24, 2018 | In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP… | ||
| CVE-2025-41268 | Cri | 0.59 | 9.1 | 0.00 | May 29, 2026 | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines. | ||
| CVE-2026-41551 | Cri | 0.59 | 9.1 | 0.00 | May 12, 2026 | A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device. | ||
| CVE-2025-20059 | Cri | 0.59 | 9.1 | 0.01 | Feb 20, 2025 | Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9. | ||
| CVE-2026-33494 | Cri | 0.58 | 10.0 | 0.01 | Mar 26, 2026 | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path… | ||
| CVE-2025-52207 | Cri | 0.58 | 9.9 | 0.01 | Jun 27, 2025 | PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory. | ||
| CVE-2017-0918 | Hig | 0.58 | 8.8 | 0.05 | Mar 21, 2018 | Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | ||
| CVE-2026-42196 | Cri | 0.57 | — | 0.01 | May 12, 2026 | django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load… | ||
| CVE-2025-62498 | Hig | 0.57 | 8.8 | 0.01 | Oct 23, 2025 | A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened. | ||
| CVE-2025-7619 | Hig | 0.57 | 8.8 | 0.01 | Jul 14, 2025 | BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code… | ||
| CVE-2024-3497 | — | Hig | 0.57 | 8.8 | 0.01 | Jun 14, 2024 | Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL. | |
| CVE-2024-33615 | Hig | 0.57 | 8.8 | 0.01 | May 15, 2024 | A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution. |
- risk 0.73cvss 7.3epss 1.00
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
- risk 0.70cvss 9.9epss 0.06
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function.…
- risk 0.65cvss —epss 0.00
Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability…
- risk 0.65cvss 10.0epss 0.01
Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the…
- risk 0.65cvss 10.0epss 0.03
The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the …
- risk 0.64cvss 9.9epss 0.01
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.
- risk 0.64cvss 9.8epss 0.01
A missing protection against path traversal allows to access any file on the server.
- risk 0.64cvss 9.8epss 0.01
When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types.
- risk 0.64cvss 9.8epss 0.03
In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP…
- risk 0.59cvss 9.1epss 0.00
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines.
- risk 0.59cvss 9.1epss 0.00
A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device.
- risk 0.59cvss 9.1epss 0.01
Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9.
- risk 0.58cvss 10.0epss 0.01
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path…
- risk 0.58cvss 9.9epss 0.01
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.
- risk 0.58cvss 8.8epss 0.05
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
- risk 0.57cvss —epss 0.01
django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load…
- risk 0.57cvss 8.8epss 0.01
A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.
- risk 0.57cvss 8.8epss 0.01
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code…
- risk 0.57cvss 8.8epss 0.01
Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL.
- risk 0.57cvss 8.8epss 0.01
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.