CVEs classified under CWE-41, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2025-24470 — CVSS 8.6 (high): An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through…
CVE-2026-5816 — CVSS 8.0 (high): GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have…
CVE-2025-43298 — CVSS 7.8 (high): A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7…
CVE-2026-23674 — CVSS 7.5 (high): Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-49401 — CVSS 7.3 (high): Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution…
CVE-2024-8765 — CVSS 7.3 (high): In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as…
CVE-2025-0115: A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The…
CVE-2023-46169 — CVSS 6.5 (medium): IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily delete a…
CVE-2024-45405 — CVSS 6.0 (medium): `gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing paths and their conversions. Prior to…
CVE-2026-34510 — CVSS 5.3 (medium): OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style…
CVE-2024-6839 — CVSS 5.3 (medium): corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns…
CVE-2025-54107 — CVSS 4.3 (medium): Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-21247 — CVSS 4.3 (medium): Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-50568 — CVSS 3.6 (low): Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on…
CVE-2025-58290 — CVSS 3.3 (low): Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.