CWE-23
Relative Path Traversal
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-139 · CAPEC-76
CVEs mapped to this weakness (193)
page 5 of 10

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47287 | | Medium | 0.42 | 6.5 | 0.01 | | Jun 9, 2026 | Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network. |
| CVE-2025-48977 | | Medium | 0.42 | 6.5 | 0.01 | | May 28, 2026 | Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to… |
| CVE-2026-8073 | | High | 0.42 | 7.5 | 0.01 | | May 19, 2026 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This… |
| CVE-2026-20081 | | Medium | 0.42 | 6.5 | 0.00 | | Apr 15, 2026 | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities… |
| CVE-2026-20078 | | Medium | 0.42 | 6.5 | 0.00 | | Apr 15, 2026 | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities… |
| CVE-2026-27489 | | High | 0.42 | 7.5 | 0.01 | | Apr 1, 2026 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows reading arbitrary files outside the model or user-provided directory. This issue has been patched in version… |
| CVE-2026-31831 | | High | 0.42 | 7.5 | 0.00 | | Mar 30, 2026 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem.… |
| CVE-2025-70952 | | High | 0.42 | 7.5 | 0.01 | | Mar 25, 2026 | pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation. |
| CVE-2025-10249 | | Medium | 0.42 | 6.5 | 0.00 | | Oct 9, 2025 | The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions in all versions up to, and including, 6.7.37. This makes it possible for authenticated attackers, with… |
| CVE-2025-60020 | | Medium | 0.42 | 6.4 | 0.00 | | Sep 24, 2025 | nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving via a crafted path in packet data. |
| CVE-2021-4459 | | Medium | 0.42 | 6.5 | 0.01 | | Aug 27, 2025 | An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices. |
| CVE-2024-12645 | | Medium | 0.42 | 6.5 | 0.00 | | Dec 16, 2024 | The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could… |
| CVE-2026-8134 | | High | 0.40 | 7.2 | 0.01 | | May 21, 2026 | Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include… |
| CVE-2026-33733 | | High | 0.40 | 7.2 | 0.00 | | Apr 22, 2026 | EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and pass them into template path construction without normalization or traversal… |
| CVE-2026-43616 | | High | 0.39 | 7.1 | 0.00 | | May 4, 2026 | Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization… |
| CVE-2026-48681 | | Medium | 0.38 | 5.9 | 0.01 | | Jun 4, 2026 | OpenStack Ironic before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. |
| CVE-2025-59336 | | Medium | 0.38 | — | 0.00 | | Sep 16, 2025 | Luanox is a module host for Lua packages. Prior to 0.1.1, a file traversal vulnerability can cause potential denial of service by overwriting Phoenix runtime files. Package names like ../../package are not properly filtered and pass the validity check of the rockspec… |
| CVE-2025-49466 | | Medium | 0.38 | 5.8 | 0.01 | | Jun 5, 2025 | aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part, |
| CVE-2025-24819 | | Medium | 0.37 | 5.7 | 0.00 | | Apr 7, 2026 | Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of an input parameter on the file system in the Software Manager application. |
| CVE-2026-41612 | | Medium | 0.36 | 5.5 | 0.01 | | May 12, 2026 | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. |