Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1703 | 2026-02-03 | N/A | N/A | ||
|
When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.
|
|||||
| CVE-2020-37034 | 2026-02-03 | N/A | 7.5 HIGH | ||
|
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files.
|
|||||
| CVE-2026-24123 | 1 Bentoml | 1 Bentoml | 2026-02-03 | N/A | 7.4 HIGH |
|
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's `bentofile.yaml` configuration allows path traversal attacks through multiple file path fields (`description`, `docker.setup_script`, `docker.dockerfile_template`, `conda.environment_yml`). An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files from the filesystem into the bento archive. This enables supply ch ...
Show More |
|||||
| CVE-2025-69612 | 1 Tmsglobalsoft | 1 Tms Management Console | 2026-02-03 | N/A | 6.5 MEDIUM |
|
A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.
|
|||||
| CVE-2026-21227 | 1 Microsoft | 1 Azure Logic Apps | 2026-02-03 | N/A | 8.2 HIGH |
|
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.
|
|||||
| CVE-2026-22218 | 1 Chainlit | 1 Chainlit | 2026-02-02 | N/A | 6.5 MEDIUM |
|
Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element identifier (chainlitKey) can then be used to retrieve the file contents via /project/file/<chainlitKey>, allowing disclosure of any file readable by the Chainlit service.
|
|||||
| CVE-2025-69820 | 1 Beam | 1 Beta9 | 2026-02-02 | N/A | 6.0 MEDIUM |
|
Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function.
|
|||||
| CVE-2021-47849 | 1 Yodinfo | 1 Mini Mouse | 2026-02-02 | N/A | 6.2 MEDIUM |
|
Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests.
|
|||||
| CVE-2021-47850 | 1 Yodinfo | 1 Mini Mouse | 2026-02-02 | N/A | 7.5 HIGH |
|
Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating file and path parameters.
|
|||||
| CVE-2021-47751 | 1 Phphtmledit | 1 Rich Text Editor | 2026-02-02 | N/A | 7.5 HIGH |
|
CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() function by renaming uploaded HTML files using directory traversal sequences to write files outside the intended template directory.
|
|||||
| CVE-2018-25144 | 1 Microhardcorp | 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more | 2026-02-02 | N/A | 8.4 HIGH |
|
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.
|
|||||
| CVE-2026-21851 | 1 Project-monai | 1 Monai | 2026-02-02 | N/A | 5.3 MEDIUM |
|
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, while other similar download functions in the same codebase properly use the existing `safe_extract_member()` function. Commit 4014c8475626f20f158921ae0cf98ed259ae4d59 fixes this issue.
|
|||||
| CVE-2020-11738 | 1 Awesomemotive | 1 Duplicator | 2026-02-02 | 5.0 MEDIUM | 7.5 HIGH |
|
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
|
|||||
| CVE-2026-24842 | 1 Isaacs | 1 Tar | 2026-02-02 | N/A | 8.2 HIGH |
|
node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.
|
|||||
| CVE-2026-24770 | 1 Infiniflow | 1 Ragflow | 2026-01-30 | N/A | 9.8 CRITICAL |
|
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remote Code Execution) via a malicious ZIP archive. The MinerUParser class retrieves and extracts ZIP files from an external source (mineru_server_url). The extraction logic in `_extract_zip_no_root` fails to sanitize filenames within the ZIP archiv ...
Show More |
|||||
| CVE-2025-13879 | 1 Efficientip | 1 Solidserver Ip Address Management | 2026-01-30 | N/A | 2.7 LOW |
|
Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'.For examplem setting the 'directory' parameter to '/' displays files outside the 'LOCAL:///' folder.
|
|||||
| CVE-2025-67488 | 1 B3log | 1 Siyuan | 2026-01-30 | N/A | 7.8 HIGH |
|
SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user to overwrite files on the system. An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, and can escalate to full code execution under some circumstances. A fix is planned for version 3.5.0.
|
|||||
| CVE-2026-23954 | 1 Linuxcontainers | 1 Incus | 2026-01-30 | N/A | 8.7 HIGH |
|
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write. This ultimately results in arbitrary command execution on the host. When using an image with a metadata.yaml containing templates, both the source and target paths ...
Show More |
|||||
| CVE-2026-23850 | 1 B3log | 1 Siyuan | 2026-01-30 | N/A | 7.5 HIGH |
|
SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue.
|
|||||
| CVE-2026-23851 | 1 B3log | 1 Siyuan | 2026-01-30 | N/A | 6.5 MEDIUM |
|
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper path validation. The vulnerability exists in the api/file.go source code. The function globalCopyFiles accepts a list of source paths (srcs) from the JSON request body. While the code checks if the source f ...
Show More |
|||||
| CVE-2022-50932 | 1 Kyocera | 1 Command Center Rx | 2026-01-30 | N/A | 7.5 HIGH |
|
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg (null-byte appended traversal) to access critical files such as /etc/passwd and /etc/shadow.
|
|||||
| CVE-2025-67160 | 1 Vatilon | 2 Pa4, Pa4 Firmware | 2026-01-30 | N/A | 7.5 HIGH |
|
An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal.
|
|||||
| CVE-2025-6776 | 1 Xiaoyunjie | 1 Openvpn-cms-flask | 2026-01-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The name of the patch is e23559b98c8ea2957f09978c29f4e512ba78 ...
Show More |
|||||
| CVE-2025-9435 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2026-01-29 | N/A | 5.5 MEDIUM |
|
Zohocorp ManageEngine ADManager Plus versions below 7230 are vulnerable to Path Traversal in the User Management module
|
|||||
| CVE-2020-36939 | 2026-01-29 | N/A | 7.5 HIGH | ||
|
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials.
|
|||||
| CVE-2020-36970 | 2026-01-29 | N/A | 8.4 HIGH | ||
|
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint.
|
|||||
| CVE-2026-1056 | 2026-01-29 | N/A | 9.8 CRITICAL | ||
|
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
|
|||||
| CVE-2026-1616 | 2026-01-29 | N/A | 7.5 HIGH | ||
|
The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters.
|
|||||
| CVE-2020-37015 | 2026-01-29 | N/A | 7.5 HIGH | ||
|
Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve system configuration files containing credentials and network settings.
|
|||||
| CVE-2025-69097 | 2026-01-29 | N/A | 8.1 HIGH | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9.5.4.
|
|||||
| CVE-2025-67963 | 2026-01-29 | N/A | 8.6 HIGH | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ovatheme Movie Booking movie-booking allows Path Traversal.This issue affects Movie Booking: from n/a through <= 1.1.5.
|
|||||
| CVE-2022-50890 | 2 Apple, Skyjos | 6 Ipados, Iphone Os, Macos and 3 more | 2026-01-29 | N/A | 7.5 HIGH |
|
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the device.
|
|||||
| CVE-2015-1579 | 1 Elegantthemes | 1 Divi | 2026-01-28 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.
|
|||||
| CVE-2025-14306 | 1 Robocode | 1 Robocode | 2026-01-28 | N/A | 9.1 CRITICAL |
|
A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the file path, leading to potential unauthorized file deletions. https://robo-code.blogspot.com/
|
|||||
| CVE-2024-39651 | 1 Wpwebelite | 1 Woocommerce Pdf Vouchers | 2026-01-28 | N/A | 8.6 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5.
|
|||||
| CVE-2026-23888 | 1 Pnpm | 1 Pnpm | 2026-01-28 | N/A | 6.5 MEDIUM |
|
pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) Malicious ZIP entries containing `../` or absolute paths that escape the extraction root via AdmZip's `extractAllTo`, and (2) The `BinaryResolution.prefix` field is concatenated into the extraction path without validation, allowing a crafted prefix like `../../ ...
Show More |
|||||
| CVE-2026-23889 | 2 Microsoft, Pnpm | 2 Windows, Pnpm | 2026-01-28 | N/A | 6.5 MEDIUM |
|
pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for `./` but not `.\`. On Windows, backslashes are directory separators, enabling path traversal. This vulnerability is Windows-only. This issue impacts Windows pnpm users and Windows CI/CD pipelines (GitHub Actions Windows runners, Azure DevOps). It can lead to overwr ...
Show More |
|||||
| CVE-2026-24056 | 1 Pnpm | 1 Pnpm | 2026-01-28 | N/A | 6.5 MEDIUM |
|
pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) causes pnpm to copy that file's contents into `node_modules`, leaking local data. The vulnerability only affects `file:` and `git:` dependencies. Registry packages (npm) have symlinks s ...
Show More |
|||||
| CVE-2025-68912 | 2026-01-28 | N/A | 8.6 HIGH | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1.
|
|||||
| CVE-2026-24131 | 1 Pnpm | 1 Pnpm | 2026-01-28 | N/A | 5.5 MEDIUM |
|
pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's `directories.bin` field, it uses `path.join()` without validating the result stays within the package root. A malicious npm package can specify `"directories": {"bin": "../../../../tmp"}` to escape the package directory, causing pnpm to chmod 755 files at arbitrary locations. This issue only affects Unix/Linux/macOS. Windows is not affected (`fixBin` gated by `EXECUTABLE_SHEBANG_SUPPORTED`). Version 10.28.2 cont ...
Show More |
|||||