CVEs classified under CWE-24, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-39813 — CVSS 9.8 (critical): A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow…
CVE-2026-49103: Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in…
CVE-2025-61318 — CVSS 9.1 (critical): Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the…
CVE-2023-6699 — CVSS 9.1 (critical): The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and…
CVE-2025-54769 — CVSS 8.8 (high): An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of…
CVE-2025-60344 — CVSS 8.6 (high): A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate…
CVE-2026-40318 — CVSS 8.5 (high): SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint…
CVE-2023-53691 — CVSS 8.3 (high): Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files…
CVE-2026-22810 — CVSS 8.2 (high): Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a…
CVE-2025-63298 — CVSS 8.2 (high): A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1.0, affecting the admin/manage_website.php…
CVE-2025-67364 — CVSS 7.5 (high): fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file…
CVE-2025-51661 — CVSS 7.5 (high): A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use…
CVE-2025-48050 — CVSS 7.5 (high): In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working…
CVE-2024-22079 — CVSS 7.5 (high): An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs…
CVE-2026-41082 — CVSS 7.3 (high): In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
CVE-2025-57618 — CVSS 7.3 (high): A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By…
CVE-2022-1743 — CVSS 6.8 (medium): The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election…
CVE-2026-44942 — CVSS 6.5 (medium): A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before…
CVE-2026-33431 — CVSS 6.5 (medium): Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST…
CVE-2025-57563 — CVSS 6.5 (medium): A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files.
CVE-2022-20656 — CVSS 6.5 (medium): A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to…
CVE-2025-67845 — CVSS 6.4 (medium): A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to…
CVE-2024-53636 — CVSS 6.4 (medium): An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows…
CVE-2025-61189 — CVSS 6.3 (medium): Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This…
CVE-2025-61188 — CVSS 6.3 (medium): Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files…
CVE-2024-2825 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file…
CVE-2024-2564 — CVSS 6.3 (medium): A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the…
CVE-2023-7058 — CVSS 6.3 (medium): A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this…
CVE-2024-43035 — CVSS 5.8 (medium): Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer…
CVE-2025-47423 — CVSS 5.8 (medium): Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in…
CVE-2026-21436 — CVSS 5.5 (medium): eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by…
CVE-2025-59342: esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of…
CVE-2024-3218 — CVSS 5.4 (medium): A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects…
CVE-2024-2563 — CVSS 5.4 (medium): A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function…
CVE-2024-0417 — CVSS 5.4 (medium): A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. This affects an unknown part of the file…
CVE-2024-0416 — CVSS 5.4 (medium): A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown…
CVE-2023-7041 — CVSS 5.4 (medium): A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this issue is some…
CVE-2025-32807 — CVSS 5.3 (medium): A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png…
CVE-2024-1459 — CVSS 5.3 (medium): A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an…
CVE-2024-3227 — CVSS 4.7 (medium): A vulnerability was found in Panwei eoffice OA up to 9.5. It has been declared as critical. This vulnerability affects unknown code of the…
CVE-2025-46646 — CVSS 4.5 (medium): In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of…
CVE-2025-26427 — CVSS 4.4 (medium): In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of…
CVE-2025-68430 — CVSS 4.3 (medium): CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with…
CVE-2025-56760 — CVSS 4.3 (medium): When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path…
CVE-2023-7040 — CVSS 4.3 (medium): A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown…
CVE-2023-4171 — CVSS 4.3 (medium): A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability…
CVE-2023-3057 — CVSS 4.3 (medium): A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file…
CVE-2023-3056 — CVSS 4.3 (medium): A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file…