| CVE | Severity | CVSS | EPSS | Fix | Published | Description |
|---|---|---|---|---|---|---|
| CVE-2026-52707 | High | 8.1 v3 | 0.4% | No fix available yet | 2026-06-17 | Unauthenticated Local File Inclusion in Kastell versions <= 2.0. |
| CVE-2026-52703 | Critical | 9.6 v3 | 0.3% | No fix available yet | 2026-06-15 | Unauthenticated Path Traversal in FastDup versions <= 2.7.2. |
| CVE-2026-49112 | High | 7.5 v3 | 0.3% | No fix available yet | 2026-06-15 | Unauthenticated Path Traversal in Shared Files versions <= 1.7.64. |
| CVE-2026-42661 | High | 8.8 v3 | 0.4% | No fix available yet | 2026-06-15 | Custom-role Path Traversal in WP Customer Area versions <= 8.3.4. |
| CVE-2026-40128 | Critical | 9.0 v3 | 0.5% | No fix available yet | 2026-06-09 | SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable. |
| CVE-2026-24315 | Medium | 4.2 v3 | 0.2% | No fix available yet | 2026-06-09 | SAP Fiori Launchpad allows attackers to craft malicious URLs that trigger arbitrary service calls on the Fiori domain; when opened by the user, this could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system, causing low impact on Confidentiality and Integrity. Availability of the system is not impacted. |
| CVE-2026-45661 | Critical | 9.9 v3 | 0.7% | No fix available yet | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In version 0.26.5 and earlier, a critical path traversal vulnerability allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote server deployment feature, this vulnerability enables arbitrary file write to remote server filesystems, automatic remote code execution via cron jobs, complete server compromise, data exfiltration without user interaction, and persistent backdoor installation. This vulnerability bypasses all container isolation on remote server deployments. |
| CVE-2026-45495 | High | 8.8 v3 | 1.0% | Fix available | 2026-05-26 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2026-44933 | High | 7.8 v3 | 0.2% | No fix available yet | 2026-05-20 | `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`; this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, the chroot is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges. |
| CVE-2026-7302 | Critical | 9.1 v3 | 0.4% | No fix available yet | 2026-05-18 | SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal, allowing an attacker to write arbitrary files anywhere the server process has write access by including ../ sequences in the upload filename sent to specific endpoints. |
| CVE-2026-42930 | High | 8.7 v3 | 0.5% | No fix available yet | 2026-05-13 | When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2026-24464 | Medium | 6.8 v3 | 0.9% | No fix available yet | 2026-05-13 | When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2026-25705 | High | 8.4 v3 | 0.4% | No fix available yet | 2026-05-13 | A vulnerability has been identified in Rancher's Extensions where malicious code can be injected into Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: overwrite Rancher binaries or configuration to inject code; write to /var/lib/rancher/ to tamper with cluster state; if hostPath volumes are mounted, write to the host node filesystem; chain this issue with other attack vectors. |
| CVE-2026-0804 | Medium | 6.7 v3 | 0.1% | Fix available | 2026-05-12 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. |
| CVE-2026-42274 | High | 7.8 v4 | 0.4% | No fix available yet | 2026-05-08 | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy can result in Heimdall authorizing a request for one path (e.g., /user/../admin, or URL-encoded variants such as /user/%2e%2e/admin or /user/%2e%2e%2fadmin; the latter requires the allow_encoded_slashes option to be set to on or no_decode) while the downstream ultimately processes a different, normalized path (/admin). This issue has been patched in version 0.17.14. |
| CVE-2026-20034 | High | 8.8 v3 | 0.7% | No fix available yet | 2026-05-06 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. |
| CVE-2026-0205 | Medium | 6.8 v3 | 0.4% | Fix available | 2026-04-29 | A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services. |
| CVE-2026-6074 | Critical | 9.8 v3 | 0.6% | No fix available yet | 2026-04-23 | Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory. |
| CVE-2026-28265 | Medium | 4.4 v3 | 0.1% | Fix available | 2026-04-01 | PowerStore contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. |
| CVE-2026-25397 | High | 7.5 v3 | 0.4% | No fix available yet | 2026-03-25 | Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce (file-uploader-for-woocommerce) allows Path Traversal. This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4. |
| CVE-2026-32415 | Medium | 5.0 v3 | 0.3% | No fix available yet | 2026-03-13 | Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze (squeeze) allows Path Traversal. This issue affects Squeeze: from n/a through <= 1.7.7. |
| CVE-2026-26124 | Critical | 6.7 v3 | 0.5% | No fix available yet | 2026-03-06 | '.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. |
| CVE-2025-69325 | Medium | 5.3 v3 | 0.4% | No fix available yet | 2026-02-20 | Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce (primer-mydata) allows Path Traversal. This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8. |
| CVE-2025-59793 | Critical | 9.9 v3 | 1.0% | Fix available | 2026-02-17 | Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users for file upload. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution. |
| CVE-2026-1763 | Medium | 4.6 v3 | 0.2% | No fix available yet | 2026-02-10 | Vulnerability in GE Vernova Enervista UR Setup on Windows. This issue affects Enervista: 8.6 and previous versions. |
| CVE-2025-58381 | Low | 2.3 v3 | 0.2% | Fix available | 2026-02-03 | A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands "source", "ping6", "sleep", "disown" and "wait" to modify the path variables and move upwards in the directory structure or to traverse to different directories. |
| CVE-2025-58380 | Low | 2.3 v3 | 0.2% | Fix available | 2026-02-03 | A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command "grep" to modify the path variables and move upwards in the directory structure or to traverse to different directories. |
| CVE-2025-59099 | Unscored | - | 0.7% | No fix available yet | 2026-01-26 | The Access Manager uses the open source web server CompactWebServer, written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible to retrieve all files stored on the file system, including the SQLite database Database.sq3, which contains badge information and the corresponding PIN codes. Additionally, when certain files are requested, the web server crashes and becomes unreachable for about 60 seconds; repeatedly sending such a request causes a denial of service. |
| CVE-2025-67914 | High | 7.7 v3 | 0.3% | No fix available yet | 2026-01-08 | Path Traversal: '.../...//' vulnerability in beeteam368 VidMov (vidmov) allows Path Traversal. This issue affects VidMov: from n/a through <= 2.3.8. |
| CVE-2025-46256 | Medium | 6.4 v3 | 0.2% | No fix available yet | 2026-01-07 | Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10. |
| CVE-2025-68428 | High | 7.5 v3 | 2.1% | Fix available | 2026-01-05 | jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jspdf@4.0.0. This version restricts file system access by default. This semver-major update does not introduce other breaking changes. |
| CVE-2025-28973 | Medium | 6.5 v3 | 0.3% | No fix available yet | 2025-12-31 | Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress (pro-watermark) allows Path Traversal. This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through <= 2.0. |
| CVE-2025-64676 | Critical | 7.2 v3 | 0.9% | No fix available yet | 2025-12-18 | '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network. |
| CVE-2025-64253 | Medium | 4.9 v3 | 0.4% | No fix available yet | 2025-12-16 | Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting (health-check) allows Path Traversal. This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1. |
| CVE-2025-66004 | Medium | 5.7 v3 | 0.1% | Fix available | 2025-12-10 | A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user. This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba. |
| CVE-2025-41736 | High | 8.8 v3 | 0.6% | Fix available | 2025-11-18 | A low privileged remote attacker can upload a new or overwrite an existing Python script via a path traversal in the target filename in PHP, resulting in remote code execution. |
| CVE-2025-5454 | Medium | 6.4 v3 | 0.1% | Fix available | 2025-11-11 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. |
| CVE-2025-58972 | High | 7.2 v3 | 0.4% | No fix available yet | 2025-11-06 | Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager (barcode-scanner-lite-pos-to-manage-products-inventory-and-orders) allows Path Traversal. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4. |
| CVE-2025-48090 | High | 8.1 v3 | 0.4% | No fix available yet | 2025-11-06 | Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme (blanka-wp) allows PHP Local File Inclusion. This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5. |
| CVE-2025-39467 | High | 8.1 v3 | 0.5% | Fix available | 2025-11-06 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland (wanderland) allows PHP Local File Inclusion. This issue affects Wanderland: from n/a through <= 1.7.1. |
| CVE-2025-22288 | Medium | 4.1 v3 | 0.3% | No fix available yet | 2025-11-06 | Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization (wp-smushit) allows Path Traversal. This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0. |
| CVE-2025-53880 | Unscored | - | 0.3% | No fix available yet | 2025-10-30 | A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses. |
| CVE-2025-27222 | High | 8.6 v3 | 1.9% | No fix available yet | 2025-10-27 | TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file that is accessible by the TRUfusion user and can also be used to leak cleartext passwords of TRUfusion Enterprise itself. |
| CVE-2025-41723 | Critical | 9.8 v3 | 1.2% | No fix available yet | 2025-10-22 | The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations. |
| CVE-2025-8051 | Medium | 6.5 v3 | 0.4% | No fix available yet | 2025-10-20 | Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2. |
| CVE-2025-42937 | Critical | 9.8 v3 | 0.7% | No fix available yet | 2025-10-14 | SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and overwrite system files, causing high impact on confidentiality, integrity and availability of the application. |
| CVE-2025-43907 | Medium | 6.5 v3 | 0.4% | Fix available | 2025-10-07 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Path Traversal: '.../...//' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. |
| CVE-2025-20313 | Medium | 6.7 v3 | 0.2% | No fix available yet | 2025-09-24 | Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due to path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. For more information about these vulnerabilities, see the Details section of this advisory. |
| CVE-2025-43886 | Medium | 4.4 v3 | 0.1% | Fix available | 2025-09-10 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V, contains a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to filesystem access for the attacker. |
| CVE-2025-48317 | High | 7.5 v3 | 0.4% | No fix available yet | 2025-09-05 | Path Traversal: '.../...//' vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay (woocommerce-payment-gateway-for-saferpay) allows Path Traversal. This issue affects WooCommerce Payment Gateway for Saferpay: from n/a through <= 0.4.9. |
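Two mechanics recur in the rows above: the CWE-35 `'.../...//'` sequence named in many of the WordPress and Dell entries, and the raw-versus-normalized path mismatch described in the Heimdall entry. The following is an added worked example in Python, not code from any vendor or project listed on this page; the base directory `/var/www/uploads`, the `/admin` rule and the sample request paths are constructed for the demonstration.

```python
"""Added example, not code from any vendor or project listed above.

1. '.../...//' is aimed at sanitizers that delete '../' in a single pass:
   one pass turns '.../...//' into '../'. Containment must be checked on the
   normalized result of the join, never on the sanitized input.
2. An authorizer that matches rules on the raw request path while the backend
   applies RFC 3986 remove_dot_segments decides on a different path than the
   one the backend serves. Decode and normalize before matching, and keep an
   encoded slash opaque unless the backend is known to decode it.

Base directory, rule prefix and sample paths are constructed for the demo.
"""
import posixpath
import re
from typing import Optional
from urllib.parse import unquote


def naive_strip(user_path: str) -> str:
    """Single-pass '../' removal: the sanitizer that '.../...//' is built to beat."""
    return user_path.replace("../", "")


def naive_join(base: str, user_path: str) -> str:
    """Vulnerable pattern: sanitize the input, then trust the join."""
    return posixpath.normpath(posixpath.join(base, naive_strip(user_path)))


def safe_join(base: str, user_path: str) -> Optional[str]:
    """Hardened pattern: join, normalize, then require the result to stay under base.

    Lexical (posixpath) so the demo is deterministic on any OS. Against a real
    filesystem also resolve both sides with os.path.realpath, otherwise a
    symlink inside base can still point outward.
    """
    base = posixpath.normpath(base)
    if posixpath.isabs(user_path):            # absolute-path traversal, as in the Flipper row
        return None
    candidate = posixpath.normpath(posixpath.join(base, user_path))
    if not candidate.startswith(base + "/"):
        return None
    return candidate


def normalize_request_path(raw: str, allow_encoded_slashes: bool = False) -> str:
    """Percent-decode, then remove dot-segments (RFC 3986 section 5.2.4).

    With allow_encoded_slashes=False a %2F is kept as literal text so it can
    never become a separator; this mirrors the Heimdall note that the
    '%2e%2e%2f' variant only works when encoded slashes are decoded.
    """
    if not allow_encoded_slashes:
        raw = re.sub(r"%2[fF]", "%252F", raw)  # survives unquote() as the text '%2F'
    decoded = unquote(raw)
    segments = []
    for seg in decoded.split("/")[1:]:         # element [0] is '' from the leading '/'
        if seg == "..":
            if segments:
                segments.pop()
        elif seg != ".":
            segments.append(seg)
    return "/" + "/".join(segments)


def _under(path: str, prefix: str) -> bool:
    return path == prefix or path.startswith(prefix + "/")


ADMIN_PREFIX = "/admin"   # constructed rule: deny everything under /admin, allow the rest


def raw_match_authorizes(raw_path: str) -> bool:
    """Vulnerable pattern: the rule is evaluated on the raw request path."""
    return not _under(raw_path, ADMIN_PREFIX)


def normalized_match_authorizes(raw_path: str, allow_encoded_slashes: bool = False) -> bool:
    """Hardened pattern: the rule is evaluated on the path the backend will serve."""
    normalized = normalize_request_path(raw_path, allow_encoded_slashes)
    return not _under(normalized, ADMIN_PREFIX)


if __name__ == "__main__":
    base = "/var/www/uploads"
    evil = ".../...//.../...//.../...//etc/passwd"
    print("naive_strip ->", naive_strip(evil))        # ../../../etc/passwd
    print("naive_join  ->", naive_join(base, evil))   # /etc/passwd
    print("safe_join   ->", safe_join(base, evil))    # stays under /var/www/uploads/
    for p in ("/user/../admin", "/user/%2e%2e/admin", "/user/%2e%2e%2fadmin"):
        print(p, "raw:", raw_match_authorizes(p),
              "normalized:", normalized_match_authorizes(p),
              "normalized, encoded slash decoded:", normalized_match_authorizes(p, True))
```

The containment check runs after joining and normalizing, so it does not matter what the input looked like, only where the resolved path ends up; `safe_join` accepts the `'.../...//'` string because, unstripped, it is just a harmless directory name under the base. On the authorization side, the two rule checks must agree on what `allow_encoded_slashes` means: if the proxy keeps `%2F` opaque but the backend decodes it, the `/user/%2e%2e%2fadmin` case is authorized as `/user/..%2Fadmin` and served as `/admin`.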
- HighCVSS 8.1 v3·EPSS 0.4%·No fix yet
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
Published 2026-06-17
- CriticalCVSS 9.6 v3·EPSS 0.3%·No fix yet
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
Published 2026-06-15
- HighCVSS 7.5 v3·EPSS 0.3%·No fix yet
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
Published 2026-06-15
- HighCVSS 8.8 v3·EPSS 0.4%·No fix yet
Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.
Published 2026-06-15
- CriticalCVSS 9.0 v3·EPSS 0.5%·No fix yet
SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable.
Published 2026-06-09
- MediumCVSS 4.2 v3·EPSS 0.2%·No fix yet
SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system causing low impact on Confidentiality and Integrity. Availability of the system is no impacted.
Published 2026-06-09
- CriticalCVSS 9.9 v3·EPSS 0.7%·No fix yet
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote server deployment feature, this vulnerability enables arbitrary file write to remote server filesystems, automatic remote code execution via cron jobs, complete server compromise, data exfiltration without user interaction, and persistent backdoor installation. This vulnerability bypasses all container isolation on remote server deployments.
Published 2026-05-29
- HighCVSS 8.8 v3·EPSS 1.0%·Fix available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published 2026-05-26
- HighCVSS 7.8 v3·EPSS 0.2%·No fix yet
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges.
Published 2026-05-20
- CriticalCVSS 9.1 v3·EPSS 0.4%·No fix yet
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.
Published 2026-05-18
- HighCVSS 8.7 v3·EPSS 0.5%·No fix yet
When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published 2026-05-13
- MediumCVSS 6.8 v3·EPSS 0.9%·No fix yet
When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published 2026-05-13
- HighCVSS 8.4 v3·EPSS 0.4%·No fix yet
A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code. * Write to /var/lib/rancher/ to tamper with cluster state. * If hostPath volumes are mounted, write to the host node filesystem. * Use this issue to chain with other attack vectors.
Published 2026-05-13
- MediumCVSS 6.7 v3·EPSS 0.1%·Fix available
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Published 2026-05-12
- HighCVSS 7.8 v4·EPSS 0.4%·No fix yet
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy can result in heimdall authorizing a request for one path (e.g., /user/../admin, or URL-encoded variants such as /user/%2e%2e/admin or /user/%2e%2e%2fadmin. The latter would require the allow_encoded_slashes option to be set to on or no_decode.) while the downstream ultimately processes a different, normalized path (/admin). This issue has been patched in version 0.17.14.
Published 2026-05-08
- HighCVSS 8.8 v3·EPSS 0.7%·No fix yet
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
Published 2026-05-06
- MediumCVSS 6.8 v3·EPSS 0.4%·Fix available
A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
Published 2026-04-29
- CriticalCVSS 9.8 v3·EPSS 0.6%·No fix yet
Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory.
Published 2026-04-23
- MediumCVSS 4.4 v3·EPSS 0.1%·Fix available
PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
Published 2026-04-01
- HighCVSS 7.5 v3·EPSS 0.4%·No fix yet
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4.
Published 2026-03-25
- MediumCVSS 5.0 v3·EPSS 0.3%·No fix yet
Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7.
Published 2026-03-13
- CriticalCVSS 6.7 v3·EPSS 0.5%·No fix yet
'.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
Published 2026-03-06
- MediumCVSS 5.3 v3·EPSS 0.4%·No fix yet
Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8.
Published 2026-02-20
- CriticalCVSS 9.9 v3·EPSS 1.0%·Fix available
Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.
Published 2026-02-17
- MediumCVSS 4.6 v3·EPSS 0.2%·No fix yet
Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions.
Published 2026-02-10
- CVSS 2.3 v3·EPSS 0.2%·Fix available
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to traverse to different directories.
Published 2026-02-03
- CVSS 2.3 v3·EPSS 0.2%·Fix available
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories.
Published 2026-02-03
- UnscoredCVSS -·EPSS 0.7%·No fix yet
The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible to retrieve all files stored on the file system, including the SQLite database Database.sq3, containing badge information and the corresponding PIN codes. Additionally, when trying to access certain files, the web server crashes and becomes unreachable for about 60 seconds. This can be abused to continuously send the request and cause denial of service.
Published 2026-01-26
- HighCVSS 7.7 v3·EPSS 0.3%·No fix yet
Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal.This issue affects VidMov: from n/a through <= 2.3.8.
Published 2026-01-08
- MediumCVSS 6.4 v3·EPSS 0.2%·No fix yet
Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10.
Published 2026-01-07
- HighCVSS 7.5 v3·EPSS 2.1%·Fix available
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in [email protected]. This version restricts file system access per default. This semver-major update does not introduce other breaking changes.
Published 2026-01-05
- MediumCVSS 6.5 v3·EPSS 0.3%·No fix yet
Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress pro-watermark allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through <= 2.0.
Published 2025-12-31
- CriticalCVSS 7.2 v3·EPSS 0.9%·No fix yet
'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.
Published 2025-12-18
- MediumCVSS 4.9 v3·EPSS 0.4%·No fix yet
Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal.This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1.
Published 2025-12-16
- MediumCVSS 5.7 v3·EPSS 0.1%·Fix available
A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.
Published 2025-12-10
- HighCVSS 8.8 v3·EPSS 0.6%·Fix available
A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.
Published 2025-11-18
- MediumCVSS 6.4 v3·EPSS 0.1%·Fix available
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Published 2025-11-11
- HighCVSS 7.2 v3·EPSS 0.4%·No fix yet
Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4.
Published 2025-11-06
- HighCVSS 8.1 v3·EPSS 0.4%·No fix yet
Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5.
Published 2025-11-06
- High · CVSS 8.1 v3 · EPSS 0.5% · Fix available
Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion. This issue affects Wanderland: from n/a through <= 1.7.1.
Published 2025-11-06
- Medium · CVSS 4.1 v3 · EPSS 0.3% · No fix yet
Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal. This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0.
Published 2025-11-06
- Unscored · CVSS - · EPSS 0.3% · No fix yet
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.
Published 2025-10-30
- High · CVSS 8.6 v3 · EPSS 1.9% · No fix yet
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file that is accessible by the TRUfusion user and can also be used to leak cleartext passwords of TRUfusion Enterprise itself.
Published 2025-10-27
- Critical · CVSS 9.8 v3 · EPSS 1.2% · No fix yet
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations.
Published 2025-10-22
- Medium · CVSS 6.5 v3 · EPSS 0.4% · No fix yet
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.
Published 2025-10-20
- Critical · CVSS 9.8 v3 · EPSS 0.7% · No fix yet
SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and overwrite system files, causing high impact on the confidentiality, integrity, and availability of the application.
Published 2025-10-14
- Medium · CVSS 6.5 v3 · EPSS 0.4% · Fix available
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, and LTS2023 release versions 7.10.1.0 through 7.10.1.60, contain a Path Traversal: '.../...//' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.
Published 2025-10-07
- Medium · CVSS 6.7 v3 · EPSS 0.2% · No fix yet
Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges, or an unauthenticated attacker with physical access to the device, to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due to path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. For more information about these vulnerabilities, see the Details section of this advisory.
Published 2025-09-24
- Medium · CVSS 4.4 v3 · EPSS 0.1% · Fix available
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to filesystem access for the attacker.
Published 2025-09-10
- High · CVSS 7.5 v3 · EPSS 0.4% · No fix yet
Path Traversal: '.../...//' vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay woocommerce-payment-gateway-for-saferpay allows Path Traversal. This issue affects WooCommerce Payment Gateway for Saferpay: from n/a through <= 0.4.9.
Published 2025-09-05
Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.