CWE-23
Relative Path Traversal
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-139 · CAPEC-76
CVEs mapped to this weakness (193)
page 4 of 10

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-52922 | | High | 0.48 | 7.4 | 0.00 | | Jun 23, 2025 | Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: (1) fully map the filesystem structure via the /api/file_manager/files?base_folder= endpoint, (2) create arbitrary… |
| CVE-2026-7404 | — | High | 0.47 | 7.3 | 0.01 | | Apr 29, 2026 | A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument detail causes relative path traversal. It… |
| CVE-2026-32725 | | High | 0.47 | 8.3 | 0.01 | | Mar 31, 2026 | SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before… |
| CVE-2025-55752 | | High | 0.47 | 7.5 | 0.67 | | Oct 27, 2025 | Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the … |
| CVE-2025-27791 | | High | 0.47 | — | 0.00 | | Apr 15, 2025 | Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to… |
| CVE-2025-2007 | | High | 0.47 | 8.1 | 0.01 | | Apr 1, 2025 | The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers,… |
| CVE-2026-34026 | | High | 0.46 | — | 0.00 | | Jun 15, 2026 | Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without… |
| CVE-2026-48569 | | High | 0.46 | 7.1 | 0.00 | | Jun 9, 2026 | Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. |
| CVE-2026-48126 | | High | 0.46 | 8.2 | 0.00 | | May 26, 2026 | Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request handler resolves the served directory by joining the configured --dir with the… |
| CVE-2026-22070 | | High | 0.46 | 7.1 | 0.00 | | Apr 30, 2026 | ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. |
| CVE-2026-39307 | | High | 0.46 | 8.1 | 0.00 | | Apr 7, 2026 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources (e.g., GitHub), the application uses… |
| CVE-2025-24350 | | High | 0.46 | 7.1 | 0.00 | | Apr 30, 2025 | A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request. |
| CVE-2024-12019 | — | High | 0.46 | — | 0.00 | | Mar 14, 2025 | The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with ‘read’ and ‘download’ privileges on at least one existing document in the… |
| CVE-2024-32005 | | High | 0.46 | 8.2 | 0.01 | | Apr 12, 2024 | NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result any file on the backend filesystem which the… |
| CVE-2026-8209 | | Medium | 0.45 | — | 0.00 | | May 9, 2026 | Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files; failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher… |
| CVE-2026-33435 | | High | 0.45 | 8.0 | 0.01 | | Apr 15, 2026 | Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable… |
| CVE-2024-2461 | — | Medium | 0.45 | — | 0.01 | | Jun 11, 2024 | If exploited, an attacker could traverse the file system to access files or directories that would otherwise be inaccessible. |
| CVE-2026-39814 | | Medium | 0.44 | 6.7 | 0.00 | | Apr 14, 2026 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via <insert… |
| CVE-2025-58456 | | Medium | 0.44 | 6.8 | 0.01 | | Oct 23, 2025 | A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine. |
| CVE-2025-59341 | | High | 0.43 | — | 0.02 | | Sep 17, 2025 | esm.sh is a nobuild content delivery network (CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the server to read and return files from the host… |