CWE-23
Relative Path Traversal
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-139 · CAPEC-76
CVEs mapped to this weakness (193)
page 3 of 10

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10073 | — | High | 0.49 | 7.5 | 0.00 | — | May 29, 2026 | DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files. |
| CVE-2025-41271 | — | High | 0.49 | 7.5 | 0.00 | — | May 29, 2026 | Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device. |
| CVE-2026-8361 | — | High | 0.49 | 7.5 | 0.00 | — | May 27, 2026 | A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome |
| CVE-2026-43533 | — | High | 0.49 | 8.6 | 0.00 | — | May 5, 2026 | OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local… |
| CVE-2026-30345 | — | High | 0.49 | 7.5 | 0.00 | — | Mar 18, 2026 | A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import. |
| CVE-2025-12097 | — | High | 0.49 | 7.5 | 0.01 | — | Dec 4, 2025 | There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files.… |
| CVE-2025-13161 | — | High | 0.49 | 7.5 | 0.00 | — | Nov 14, 2025 | IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. |
| CVE-2025-58429 | — | High | 0.49 | 7.5 | 0.01 | — | Oct 23, 2025 | A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine. |
| CVE-2025-58078 | — | High | 0.49 | 7.5 | 0.01 | — | Oct 23, 2025 | A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target… |
| CVE-2025-11898 | — | High | 0.49 | 7.5 | 0.01 | — | Oct 17, 2025 | Agentflow developed by Flowring has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. |
| CVE-2025-59835 | — | High | 0.49 | — | 0.00 | — | Oct 2, 2025 | LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory… |
| CVE-2025-9639 | — | High | 0.49 | 7.5 | 0.01 | — | Aug 29, 2025 | The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. |
| CVE-2025-7146 | — | High | 0.49 | 7.5 | 0.01 | — | Jul 8, 2025 | The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to read arbitrary system files. |
| CVE-2025-47445 | — | High | 0.49 | 7.5 | 0.05 | — | May 14, 2025 | Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal. This issue affects Eventin: from n/a through <= 4.0.26. |
| CVE-2024-9363 | — | High | 0.49 | 7.5 | 0.01 | — | Mar 20, 2025 | An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. An attacker can delete important files within the containers, such as `polyaxon.sock`, causing the API… |
| CVE-2025-25130 | — | High | 0.49 | 7.5 | 0.00 | — | Mar 3, 2025 | Relative Path Traversal vulnerability in Shah Alom Delete Comments By Status delete-comments-by-status allows Path Traversal. This issue affects Delete Comments By Status: from n/a through <= 2.1.1. |
| CVE-2024-50453 | — | High | 0.49 | 7.5 | 0.01 | — | Oct 28, 2024 | Relative Path Traversal vulnerability in webangon The Pack Elementor addons the-pack-addon allows PHP Local File Inclusion. This issue affects The Pack Elementor addons: from n/a through <= 2.0.9. |
| CVE-2024-6433 | — | High | 0.49 | 7.5 | 0.01 | — | Jul 10, 2024 | The application zips all the files in the folder specified by the user, which allows an attacker to read arbitrary files on the system by providing a crafted path. This vulnerability can be exploited by sending a request to the application with a malicious snapshot_path… |
| CVE-2023-3940 | — | High | 0.49 | 7.5 | 0.01 | — | May 21, 2024 | Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to access any file on the system. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the… |
| CVE-2024-0335 | — | High | 0.49 | 7.5 | 0.01 | — | Apr 3, 2024 | ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through… |