CVEs classified under CWE-23, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-52813 — CVSS 10.0 (critical): Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences (../) are accepted…
CVE-2026-8326: Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all…
CVE-2026-33494 — CVSS 10.0 (critical): ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access…
CVE-2023-3941 — CVSS 10.0 (critical): Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges…
CVE-2024-24578 — CVSS 10.0 (critical): RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version…
CVE-2012-6069 — CVSS 10.0 (critical): The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and…
CVE-2025-62878 — CVSS 9.9 (critical): A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially…
CVE-2025-52207 — CVSS 9.9 (critical): PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.
CVE-2023-40714 — CVSS 9.9 (critical): A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to…
CVE-2024-3025 — CVSS 9.9 (critical): mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo…
CVE-2023-6825 — CVSS 9.9 (critical): The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version…
CVE-2024-47856 — CVSS 9.8 (critical): In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or…
CVE-2025-23410 — CVSS 9.8 (critical): When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path…
CVE-2023-34990 — CVSS 9.8 (critical): A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized…
CVE-2020-25172 — CVSS 9.8 (critical): A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or…
CVE-2026-41948 — CVSS 9.4 (critical): Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to…
CVE-2026-23734: XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration…
CVE-2025-41268 — CVSS 9.1 (critical): Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in…
CVE-2026-41551 — CVSS 9.1 (critical): A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user…
CVE-2026-25057 — CVSS 9.1 (critical): MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip…
CVE-2025-55747 — CVSS 9.1 (critical): XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2…
CVE-2024-8551 — CVSS 9.1 (critical): A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the…
CVE-2024-47051 — CVSS 9.1 (critical): This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be…
CVE-2022-20755 — CVSS 9.0 (critical): Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video…
CVE-2022-20754 — CVSS 9.0 (critical): Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video…
CVE-2026-25707 — CVSS 8.8 (high): A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers…
CVE-2026-50016 — CVSS 8.8 (high): pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain…
CVE-2025-62498 — CVSS 8.8 (high): A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows…
CVE-2025-55115 — CVSS 8.8 (high): A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the…
CVE-2025-7619 — CVSS 8.8 (high): BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a…
CVE-2025-48817 — CVSS 8.8 (high): Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-34510 — CVSS 8.8 (high): Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are…
CVE-2025-32017 — CVSS 8.8 (high): Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft…
CVE-2024-54449 — CVSS 8.8 (high): The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to…
CVE-2025-26645 — CVSS 8.8 (high): Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-23011 — CVSS 8.8 (high): Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a…
CVE-2024-3497 — CVSS 8.8 (high): Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the…
CVE-2024-35186 — CVSS 8.8 (high): gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the…
CVE-2024-33615 — CVSS 8.8 (high): A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file…
CVE-2026-8100: Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific…
CVE-2026-29201 — CVSS 8.6 (high): Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a…
CVE-2026-43533 — CVSS 8.6 (high): OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local…