CVEs classified under CWE-27, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2024-21896 — CVSS 9.8 (critical): The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path…
CVE-2025-10438 — CVSS 8.6 (high): Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry…
CVE-2025-58761 — CVSS 8.6 (high): Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `real_pms_image_proxy` endpoint in Tautulli v2.15.3 and…
CVE-2024-24809 — CVSS 8.5 (high): Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with…
CVE-2024-43658: Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files This issue…
CVE-2023-20090 — CVSS 6.7 (medium): A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an…
CVE-2025-52237 — CVSS 6.5 (medium): An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.
CVE-2023-20127 — CVSS 6.5 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager…
CVE-2026-20018 — CVSS 5.9 (medium): A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat…
CVE-2025-58292 — CVSS 3.3 (low): Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.