CWE-22
Path Traversal
MITRE
No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 50 of 167
- CVE-2026-44705 · — · EPSS 0% · 5 h ago
tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix,
npm
- CVE-2026-12089 · Medium · 4.9 · 5 h ago
The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combine_current_css() function trusting <link rel="stylesheet"
- CVE-2026-53825 · Medium · 6.5 · 10 h ago
OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers wi
- CVE-2026-53519 · Critical · 9.1 · 10 h ago
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admi
- CVE-2026-54394 · — · 11 h ago
MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved
- CVE-2026-45775 · Medium · 6.8 · EPSS 0% · 11 h ago
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could
- CVE-2026-24717 · Medium · 6.5 · EPSS 0% · 12 h ago
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or syst
- CVE-2026-43872 · — · EPSS 0% · 12 h ago
Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue.
- CVE-2026-46703 · — · EPSS 0% · 13 h ago
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host
pypi · crates.io · npm · go
- CVE-2026-49233 · — · EPSS 0% · 13 h ago
Routinator has cache path traversal when processing the module component of rsync URIs
crates.io
- CVE-2026-44171 · Medium · 6.3 · EPSS 0% · 14 h ago
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path whe
- CVE-2026-3840 · High · 7.1 · 14 h ago
A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into fil
- CVE-2026-6961 · High · 7.6 · 15 h ago
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls
- CVE-2023-35081 · High · 7.2 · KEV · EPSS 91% · 15 h ago
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
- CVE-2023-47246 · Critical · 9.8 · KEV · EPSS 94% · 15 h ago
SysAid Server Path Traversal Vulnerability
- CVE-2024-41713 · Critical · 9.1 · KEV · EPSS 94% · 15 h ago
Mitel MiCollab Path Traversal Vulnerability
- CVE-2021-41773 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 15 h ago
Apache HTTP Server Path Traversal Vulnerability
- CVE-2019-16278 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 15 h ago
Nostromo nhttpd Directory Traversal Vulnerability
- CVE-2019-7194 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 15 h ago
QNAP Photo Station Path Traversal Vulnerability
- CVE-2015-0666 · High · 7.5 · KEV · EPSS 60% · 15 h ago
Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
- CVE-2019-7483 · High · 7.5 · KEV · EPSS 48% · 15 h ago
SonicWall SMA100 Directory Traversal Vulnerability
- CVE-2019-20085 · High · 7.5 · KEV · EXPLOIT · EPSS 94% · 15 h ago
TVT NVMS-1000 Directory Traversal Vulnerability
- CVE-2018-2380 · Medium · 6.6 · KEV · EXPLOIT · EPSS 49% · 15 h ago
SAP Customer Relationship Management (CRM) Path Traversal Vulnerability
- CVE-2015-4068 · Critical · 9.1 · KEV · EPSS 80% · 15 h ago
Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability
- CVE-2024-28995 · High · 8.6 · KEV · EXPLOIT · EPSS 94% · 15 h ago
SolarWinds Serv-U Path Traversal Vulnerability
- CVE-2025-8110 · High · 8.8 · KEV · EPSS 18% · 15 h ago
Gogs Path Traversal Vulnerability
- CVE-2024-57728 · High · 7.2 · KEV · EPSS 53% · 15 h ago
SimpleHelp Path Traversal Vulnerability
- CVE-2023-32315 · High · 8.6 · KEV · EXPLOIT · EPSS 94% · 15 h ago
Ignite Realtime Openfire Path Traversal Vulnerability
- CVE-2025-34028 · Critical · 10.0 · KEV · EPSS 69% · 15 h ago
Commvault Command Center Path Traversal Vulnerability
- CVE-2024-55550 · Low · 2.7 · KEV · EPSS 18% · 15 h ago
Mitel MiCollab Path Traversal Vulnerability
- CVE-2024-1708 · High · 8.4 · KEV · EXPLOIT · EPSS 85% · 15 h ago
ConnectWise ScreenConnect Path Traversal Vulnerability
- CVE-2024-11667 · High · 7.5 · KEV · EPSS 29% · 15 h ago
Zyxel Multiple Firewalls Path Traversal Vulnerability
- CVE-2021-20124 · High · 7.5 · KEV · EPSS 94% · 15 h ago
Draytek VigorConnect Path Traversal Vulnerability
- CVE-2025-6218 · High · 7.8 · KEV · EPSS 6% · 15 h ago
RARLAB WinRAR Path Traversal Vulnerability
- CVE-2024-57727 · High · 7.5 · KEV · EXPLOIT · EPSS 94% · 15 h ago
SimpleHelp Path Traversal Vulnerability
- CVE-2022-30333 · High · 7.5 · KEV · EXPLOIT · EPSS 93% · 15 h ago
RARLAB UnRAR Directory Traversal Vulnerability
- CVE-2015-0016 · High · 7.8 · KEV · EXPLOIT · EPSS 92% · 15 h ago
Microsoft Windows TS WebProxy Directory Traversal Vulnerability
- CVE-2025-2749 · High · 7.2 · KEV · EPSS 5% · 15 h ago
Kentico Xperience Path Traversal Vulnerability
- CVE-2020-36193 · High · 7.5 · KEV · EPSS 71% · 15 h ago
PEAR Archive_Tar Improper Link Resolution Vulnerability
- CVE-2024-7262 · High · 7.8 · KEV · EPSS 10% · 15 h ago
Kingsoft WPS Office Path Traversal Vulnerability
- CVE-2020-14864 · High · 7.5 · KEV · EXPLOIT · EPSS 94% · 15 h ago
Oracle Business Intelligence Enterprise Edition Path Transversal
- CVE-2018-5430 · High · 8.8 · KEV · EXPLOIT · EPSS 41% · 15 h ago
TIBCO JasperReports Server Information Disclosure Vulnerability
- CVE-2022-27925 · High · 7.2 · KEV · EXPLOIT · EPSS 94% · 15 h ago
Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability
- CVE-2022-29464 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 15 h ago
WSO2 Multiple Products Unrestrictive Upload of File Vulnerability
- CVE-2020-1631 · High · 8.8 · KEV · EPSS 5% · 15 h ago
Juniper Junos OS Path Traversal Vulnerability
- CVE-2021-42013 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 15 h ago
Apache HTTP Server Path Traversal Vulnerability
- CVE-2019-19781 · Critical · 9.8 · KEV · EXPLOIT · EPSS 94% · 15 h ago
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
- CVE-2022-41328 · Medium · 6.7 · KEV · EPSS 0% · 15 h ago
Fortinet FortiOS Path Traversal Vulnerability
- CVE-2024-0769 · Medium · 5.3 · KEV · EPSS 77% · 15 h ago
D-Link DIR-859 Router Path Traversal Vulnerability
- CVE-2021-40444 · High · 8.8 · KEV · EXPLOIT · EPSS 94% · 15 h ago
Microsoft MSHTML Remote Code Execution Vulnerability
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.