CWE-23
Relative Path Traversal
BaseDraft
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-139 · CAPEC-76
CVEs mapped to this weakness (100)
page 5 of 5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-1086 | Med | 0.34 | 5.3 | 0.00 | Feb 7, 2025 | A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-31927 | Med | 0.32 | 4.9 | 0.00 | Apr 17, 2026 | Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes | |
| CVE-2025-32137 | Med | 0.32 | 4.9 | 0.01 | Apr 4, 2025 | Relative Path Traversal vulnerability in Cristián Lávaque s2Member s2member allows Path Traversal.This issue affects s2Member: from n/a through <= 250419. | |
| CVE-2024-3122 | Med | 0.32 | 4.9 | 0.00 | Jul 1, 2024 | CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system. | |
| CVE-2024-22398 | Med | 0.32 | 4.9 | 0.00 | Mar 14, 2024 | An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system. | |
| CVE-2026-24909 | Med | 0.31 | 5.9 | 0.00 | Jan 27, 2026 | vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction. | |
| CVE-2025-2961 | Med | 0.28 | 4.3 | 0.01 | Mar 30, 2025 | A vulnerability classified as problematic was found in opensolon up to 3.1.0. This vulnerability affects the function render_mav of the file /aa of the component org.noear.solon.core.handle.RenderManager. The manipulation of the argument template with the input ../org/example/HelloApp.class leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-0225 | Med | 0.28 | 4.3 | 0.00 | Jan 5, 2025 | A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the argument name leads to path traversal: '/../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-13130 | Med | 0.28 | 4.3 | 0.00 | Jan 5, 2025 | A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-12897 | Med | 0.28 | 4.3 | 0.00 | Dec 23, 2024 | A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-2318 | Med | 0.28 | 4.3 | 0.00 | Mar 8, 2024 | A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component. | |
| CVE-2025-66386 | Med | 0.27 | 4.1 | 0.00 | Nov 28, 2025 | app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin. | |
| CVE-2025-60023 | Med | 0.26 | 4.0 | 0.00 | Oct 23, 2025 | A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine. | |
| CVE-2025-59776 | Med | 0.26 | 4.0 | 0.00 | Oct 23, 2025 | A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine. | |
| CVE-2026-42085 | Med | 0.21 | 4.3 | 0.00 | May 4, 2026 | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path traversal attacks, by canonicalizing filename to an absolute path, all plugins share this same root directory. That enables users to create arbitrary file structures and overwrite existing configuration files within the shared /plugins directory. This issue has been patched in versions 6.10.5 and 7.0.0-rc3. | |
| CVE-2025-1584 | Med | 0.21 | 4.3 | 0.00 | Feb 23, 2025 | A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. This vulnerability affects unknown code of the file solon-projects/solon-web/solon-web-staticfiles/src/main/java/org/noear/solon/web/staticfiles/StaticMappings.java. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.9 is able to address this issue. The name of the patch is f46e47fd1f8455b9467d7ead3cdb0509115b2ef1. It is recommended to upgrade the affected component. | |
| CVE-2025-55013 | Med | 0.20 | 4.2 | 0.00 | Aug 9, 2025 | The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value returned by the service server and uses it directly as a local file name.A malicious or compromised server (or any MITM that can speak to client) can return a path-traversal payload such as `../../../etc/cron.d/evil` and force the client to write the downloaded bytes to an arbitrary location on disk. This is fixed in version 4.6.1.dev138. | |
| CVE-2026-1762 | Low | 0.19 | 2.9 | 0.00 | Feb 10, 2026 | A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions. | |
| CVE-2026-21620 | Low | 0.15 | — | 0.00 | Feb 20, 2026 | Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0. | |
| CVE-2012-5972 | 0.04 | — | 0.08 | Jan 17, 2013 | Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. |