CWE-23
Relative Path Traversal
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-139 · CAPEC-76
CVEs mapped to this weakness (193)
page 2 of 10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14795 | Hig | 0.57 | 8.8 | 0.02 | Aug 21, 2018 | DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. | ||
| CVE-2017-13996 | Hig | 0.57 | 8.8 | 0.03 | Oct 5, 2017 | A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute… | ||
| CVE-2026-34926 | Med | 0.56 | 6.7 | 0.13 | KEV | May 21, 2026 | A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the… | |
| CVE-2026-29201 | Hig | 0.56 | 8.6 | 0.00 | May 8, 2026 | Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed. | ||
| CVE-2024-49253 | Hig | 0.56 | 8.6 | 0.01 | Oct 16, 2024 | Relative Path Traversal vulnerability in JamesPark.ninja Analyse Uploads analyse-uploads allows Relative Path Traversal.This issue affects Analyse Uploads: from n/a through <= 0.5. | ||
| CVE-2026-23734 | Cri | 0.55 | — | 0.20 | May 20, 2026 | XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false, leading to Path… | ||
| CVE-2025-54317 | Hig | 0.55 | 8.4 | 0.01 | Jul 20, 2025 | An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE). | ||
| CVE-2026-41948 | Cri | 0.54 | 9.4 | 0.01 | May 18, 2026 | Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant… | ||
| CVE-2025-47788 | Cri | 0.54 | — | 0.00 | May 15, 2025 | Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602… | ||
| CVE-2026-5422 | Hig | 0.53 | 8.1 | 0.00 | Jun 2, 2026 | A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator,… | ||
| CVE-2026-5966 | Hig | 0.53 | 8.1 | 0.00 | Apr 20, 2026 | ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system. | ||
| CVE-2026-4415 | Hig | 0.53 | 8.1 | 0.01 | Mar 30, 2026 | Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or… | ||
| CVE-2026-2818 | Hig | 0.53 | 8.2 | 0.00 | Feb 20, 2026 | A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only. | ||
| CVE-2025-32409 | Hig | 0.53 | 8.1 | 0.01 | Apr 7, 2025 | Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended… | ||
| CVE-2018-10615 | Hig | 0.53 | 8.1 | 0.03 | Jun 4, 2018 | Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform. | ||
| CVE-2026-52813 | cri | 0.52 | — | 0.01 | Jun 23, 2026 | ### Summary Organization names containing path traversal sequences (`../`) are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By… | ||
| CVE-2025-41280 | Hig | 0.51 | 7.8 | 0.00 | May 29, 2026 | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is… | ||
| CVE-2025-10203 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2025 | Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DWF3WORK file. This vulnerability affects Digilent… | ||
| CVE-2024-47637 | Hig | 0.50 | 8.8 | 0.01 | Oct 16, 2024 | Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through <= 6.4.1. | ||
| CVE-2024-35186 | Hig | 0.50 | 8.8 | 0.01 | May 23, 2024 | gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads… |
- risk 0.57cvss 8.8epss 0.02
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.
- risk 0.57cvss 8.8epss 0.03
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute…
- risk 0.56cvss 6.7epss 0.13
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the…
- risk 0.56cvss 8.6epss 0.00
Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.
- risk 0.56cvss 8.6epss 0.01
Relative Path Traversal vulnerability in JamesPark.ninja Analyse Uploads analyse-uploads allows Relative Path Traversal.This issue affects Analyse Uploads: from n/a through <= 0.5.
- risk 0.55cvss —epss 0.20
XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false, leading to Path…
- risk 0.55cvss 8.4epss 0.01
An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE).
- risk 0.54cvss 9.4epss 0.01
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant…
- risk 0.54cvss —epss 0.00
Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602…
- risk 0.53cvss 8.1epss 0.00
A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator,…
- risk 0.53cvss 8.1epss 0.00
ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.
- risk 0.53cvss 8.1epss 0.01
Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or…
- risk 0.53cvss 8.2epss 0.00
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.
- risk 0.53cvss 8.1epss 0.01
Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended…
- risk 0.53cvss 8.1epss 0.03
Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.
- risk 0.52cvss —epss 0.01
### Summary Organization names containing path traversal sequences (`../`) are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By…
- risk 0.51cvss 7.8epss 0.00
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is…
- risk 0.51cvss 7.8epss 0.00
Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DWF3WORK file. This vulnerability affects Digilent…
- risk 0.50cvss 8.8epss 0.01
Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through <= 6.4.1.
- risk 0.50cvss 8.8epss 0.01
gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads…