Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-31801

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Apr, 2024 | 00:00
Updated At-02 Aug, 2024 | 01:59
Rejected At-
Credits

Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Apr, 2024 | 00:00
Updated At:02 Aug, 2024 | 01:59
Rejected At:
▼CVE Numbering Authority (CNA)

Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.nexsysone.com/
N/A
https://dishdev.nexsysone.com/nexsysonev3/
N/A
https://gist.github.com/hamoshwani/6e207aa4ea513438cd75b97c1fc8abfe
N/A
Hyperlink: https://www.nexsysone.com/
Resource: N/A
Hyperlink: https://dishdev.nexsysone.com/nexsysonev3/
Resource: N/A
Hyperlink: https://gist.github.com/hamoshwani/6e207aa4ea513438cd75b97c1fc8abfe
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
nexsys-one
Product
nexsys-one
CPEs
  • cpe:2.3:a:nexsys-one:nexsys-one:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before Rev.15320 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.nexsysone.com/
x_transferred
https://dishdev.nexsysone.com/nexsysonev3/
x_transferred
https://gist.github.com/hamoshwani/6e207aa4ea513438cd75b97c1fc8abfe
x_transferred
Hyperlink: https://www.nexsysone.com/
Resource:
x_transferred
Hyperlink: https://dishdev.nexsysone.com/nexsysonev3/
Resource:
x_transferred
Hyperlink: https://gist.github.com/hamoshwani/6e207aa4ea513438cd75b97c1fc8abfe
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Apr, 2024 | 20:15
Updated At:15 Apr, 2026 | 00:35

Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-22Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-22
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://dishdev.nexsysone.com/nexsysonev3/cve@mitre.org
N/A
https://gist.github.com/hamoshwani/6e207aa4ea513438cd75b97c1fc8abfecve@mitre.org
N/A
https://www.nexsysone.com/cve@mitre.org
N/A
https://dishdev.nexsysone.com/nexsysonev3/af854a3a-2127-422b-91ae-364da2661108
N/A
https://gist.github.com/hamoshwani/6e207aa4ea513438cd75b97c1fc8abfeaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.nexsysone.com/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://dishdev.nexsysone.com/nexsysonev3/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://gist.github.com/hamoshwani/6e207aa4ea513438cd75b97c1fc8abfe
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.nexsysone.com/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://dishdev.nexsysone.com/nexsysonev3/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://gist.github.com/hamoshwani/6e207aa4ea513438cd75b97c1fc8abfe
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.nexsysone.com/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1131Records found

CVE-2022-37060
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-15.20% / 96.35%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 00:00
Updated-17 Oct, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server's restricted path. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.

Action-Not Available
Vendor-flirn/a
Product-flir_ax8_firmwareflir_ax8n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-9935
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-7.49% / 93.73%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 03:20
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF Generator Addon for Elementor Page Builder <= 2.0.0 - Unauthenticated Arbitrary File Download

The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.0.0 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-24569 may be a duplicate of this issue.

Action-Not Available
Vendor-redefiningthewebredefiningtheweb
Product-PDF Generator for WordPress Elementorpdf_generator_addon_for_elementor_page_builder
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-36081
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.82% / 52.78%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 21:00
Updated-23 Apr, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wikmd vulnerable to Local File Enumeration when accessing /list

Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, Wikmd is vulnerable to path traversal when accessing `/list/<path:folderpath>` and discloses lists of files located on the server including sensitive data. Version 1.7.1 fixes this issue.

Action-Not Available
Vendor-wikmd_projectLinbreux
Product-wikmdwikmd
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CVE-2024-8876
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.78% / 51.55%
||
7 Day CHG~0.00%
Published-15 Sep, 2024 | 22:00
Updated-20 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xiaohe4966 TpMeCMS lang path traversal

A vulnerability, which was classified as problematic, has been found in xiaohe4966 TpMeCMS up to 1.3.3.1. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.3.2 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-xiaohe4966xiaohe4966xiaohe4966
Product-tpmecmsTpMeCMStpmecms
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-8352
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.95% / 56.79%
||
7 Day CHG~0.00%
Published-03 Oct, 2024 | 03:32
Updated-08 Apr, 2026 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Social Web Suite – Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download

The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Action-Not Available
Vendor-hypestudiodejanmarkovic
Product-social_web_suiteSocial Web Suite – Social Media Auto Post, Social Media Auto Publish
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-7924
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-1.42% / 69.58%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 18:00
Updated-21 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZZCMS list.php path traversal

A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-zzcmsn/azzcms
Product-zzcmsZZCMSzzcms
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-8410
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.69% / 48.32%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 15:00
Updated-05 Sep, 2024 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ABCD ABCD2 otros_sitios.php path traversal

A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. This vulnerability affects unknown code of the file /abcd/opac/php/otros_sitios.php. The manipulation of the argument sitio leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-abcd-communityABCD
Product-abcdABCD2
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-7962
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.48%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 12:47
Updated-01 Nov, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Read via Insufficient Validation in gaizhenbiao/chuanhuchatgpt

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for the first line, every other line must contain commas. This vulnerability allows reading parts of format-compliant files, including code and log files, which may contain highly sensitive information such as account credentials.

Action-Not Available
Vendor-gaizhenbiaogaizhenbiaogaizhenbiao
Product-chuanhuchatgptgaizhenbiao/chuanhuchatgptgaizhenbiao\/chuanhuchatgpt
CWE ID-CWE-29
Path Traversal: '\..\filename'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-8524
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-1.21% / 64.74%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 10:11
Updated-15 Oct, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Directory Traversal in modelscope/agentscope

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint.

Action-Not Available
Vendor-modelscopemodelscope
Product-agentscopemodelscope/agentscope
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-7927
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.93% / 56.34%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 20:00
Updated-04 Sep, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZZCMS class.php path traversal

A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argument skin[] leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-zzcmsn/azzcms
Product-zzcmsZZCMSzzcms
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-35410
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.75% / 75.12%
||
7 Day CHG~0.00%
Published-08 Jul, 2022 | 17:35
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.

Action-Not Available
Vendor-0xacabn/aDebian GNU/Linux
Product-mat2debian_linuxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-7693
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.35%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 02:44
Updated-06 Sep, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Team Johnlong software Raiden MAILD Remote Management System - Arbitrary File Reading through Path Traversal

Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary file on the remote server.

Action-Not Available
Vendor-raidenmaildTeam Johnlong softwareteam_johnlong
Product-raidenmaildRaiden MAILD Remote Management Systemraiden_maild_remote_management_system
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-7928
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-16.88% / 96.67%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 21:31
Updated-13 Sep, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FastAdmin lang path traversal

A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-fastadminn/afastadmin
Product-fastadminFastAdminfastadmin
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-25965
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.67% / 47.50%
||
7 Day CHG-0.08%
Published-24 Feb, 2026 | 01:20
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick's policy bypass through path traversal allows reading restricted content despite secured policy

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/* can be bypassed by a path traversal. The OS resolves the traversal and opens the sensitive file, but the policy matcher only sees the unnormalized path and therefore allows the read. This enables local file disclosure (LFI) even when policy-secure.xml is applied. Actions to prevent reading from files have been taken in versions .7.1.2-15 and 6.9.13-40 But it make sure writing is also not possible the following should be added to one's policy. This will also be included in ImageMagick's more secure policies by default.

Action-Not Available
Vendor-ImageMagick Studio LLCRed Hat, Inc.
Product-imagemagickImageMagickRed Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-35650
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-7.5||HIGH
EPSS-49.10% / 98.74%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 15:29
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.

Action-Not Available
Vendor-n/aMoodle Pty LtdFedora Project
Product-fedoramoodleMoodle
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1681
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-6.28% / 92.73%
||
7 Day CHG~0.00%
Published-21 Feb, 2019 | 20:00
Updated-19 Nov, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability

A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-supplied input within TFTP requests processed by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques in malicious requests sent to the TFTP service on a targeted device. An exploit could allow the attacker to retrieve arbitrary files from the targeted device, resulting in the disclosure of sensitive information. This vulnerability affects Cisco IOS XR Software releases prior to Release 6.5.2 for Cisco Network Convergence System 1000 Series devices when the TFTP service is enabled.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco Network Convergence System 1000 Series
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-35216
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.11% / 62.00%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 09:15
Updated-16 Sep, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ITPison OMICARD EDM - Use of Hard-coded Credentials

OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.

Action-Not Available
Vendor-omicard_edm_projectITPison
Product-omicard_edmOMICARD EDM
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-35920
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.3||HIGH
EPSS-0.96% / 57.21%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 21:35
Updated-22 Apr, 2025 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Limitation of a Pathname to a Restricted Directory in sanic

Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.

Action-Not Available
Vendor-sanic_projectsanic-org
Product-sanicsanic
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-6648
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-8.7||HIGH
EPSS-0.56% / 42.21%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 12:16
Updated-13 May, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal in AP Page Builder

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'product_item_path' within the 'config' JSON file, allowing them to read any file on the system.

Action-Not Available
Vendor-apollothemeApollo Theme
Product-ap_pagebuilderAP Page Builder
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34126
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.16% / 63.37%
||
7 Day CHG~0.00%
Published-16 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter.

Action-Not Available
Vendor-n/aGLPI Project
Product-activityn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-17187
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.77% / 95.29%
||
7 Day CHG~0.00%
Published-08 Oct, 2019 | 14:34
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.

Action-Not Available
Vendor-fiberhomen/a
Product-hg2201thg2201t_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-67254
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.72% / 74.66%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 00:00
Updated-15 Jan, 2026 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-nagios_xin/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-39037
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.22% / 65.13%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 02:20
Updated-01 May, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FLOWRING Agentflow BPM - Path Traversal

Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

Action-Not Available
Vendor-flowringFLOWRING
Product-agentflowAgentflow BPM
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-58312
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-1.03% / 59.66%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 21:42
Updated-07 Apr, 2026 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
xbtitFM 4.1.18 Unauthenticated Path Traversal in nfogen.php

xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP requests.

Action-Not Available
Vendor-xbtitfmxbtitfm
Product-xbtitfmxbtitFM
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-5882
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.76% / 50.85%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 06:00
Updated-01 Aug, 2024 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ultimate Classified Listings < 1.3 - Unauthenticated LFI

The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the listings page

Action-Not Available
Vendor-Unknownwebcodingplace
Product-Ultimate Classified Listingsultimate_classified_listings
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-6445
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-10||CRITICAL
EPSS-0.59% / 43.78%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 13:33
Updated-03 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Local File Inclusion (LFI) in DataFlowX's DataDiodeX

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: from v3.0.0 before v3.1.7.

Action-Not Available
Vendor-dataflowxDataFlowX Technologydataflowx
Product-datadiodexDataDiodeXdatadiodex
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-3389
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.2||HIGH
EPSS-1.00% / 58.44%
||
7 Day CHG~0.00%
Published-06 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path Traversal in ikus060/rdiffweb

Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10.

Action-Not Available
Vendor-IKUS Software
Product-rdiffwebikus060/rdiffweb
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34127
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.71% / 93.13%
||
7 Day CHG~0.00%
Published-16 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.

Action-Not Available
Vendor-n/aGLPI Project
Product-manageentitiesn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-32963
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.11% / 62.00%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 09:15
Updated-17 Sep, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ITPison OMICARD EDM - Path Traversal-1

OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.

Action-Not Available
Vendor-omicard_edm_projectITPison
Product-omicard_edmOMICARD EDM
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-33165
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.17% / 63.65%
||
7 Day CHG~0.00%
Published-14 Oct, 2023 | 14:16
Updated-17 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Server information disclosure

IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_integratorSecurity Directory Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-32190
Matching Score-4
Assigner-Go Project
ShareView Details
Matching Score-4
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-1.68% / 74.06%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 17:08
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Failure to strip relative path components in net/url

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.

Action-Not Available
Vendor-Go standard libraryGo
Product-gonet/url
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-57669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.76%
||
7 Day CHG+0.03%
Published-03 Feb, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-57451
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 53.23%
||
7 Day CHG-0.06%
Published-03 Feb, 2025 | 00:00
Updated-19 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-57727
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-95.15% / 99.85%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 00:00
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-03-06||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

Action-Not Available
Vendor-simple-helpn/aSimpleHelp
Product-simplehelpn/aSimpleHelp
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-32275
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.54% / 94.39%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 18:29
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content

Action-Not Available
Vendor-n/aGrafana Labs
Product-grafanan/agrafana
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-31578
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.23%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 01:01
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

Action-Not Available
Vendor-bt_lnmp_projectn/a
Product-bt_lnmpn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-57549
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 45.89%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 00:00
Updated-11 Apr, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request.

Action-Not Available
Vendor-cmsimplen/a
Product-cmsimplen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-31457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.92% / 55.81%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 00:00
Updated-24 Oct, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/.

Action-Not Available
Vendor-rtx_trap_projectn/a
Product-rtx_trapn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-31793
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.37% / 95.46%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 21:55
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.

Action-Not Available
Vendor-arrisinglorionn/a
Product-nvg443_firmwarenvg599nvg443bgw320_firmwarebgw320nvg589_firmwarebgw210_firmwarenvg589nvg510_firmwarebgw210nvg510muhttpdnvg599_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-31662
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-1.07% / 60.86%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:05
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)Microsoft Corporation
Product-access_connectorlinux_kernelidentity_manager_connectorone_accesswindowsidentity_managerVMware Workspace ONE Access, Access Connector, Identity Manager, vIDM Connector and vRealize Automation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-55657
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.72% / 49.27%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 22:44
Updated-05 Jun, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SiYuan has an arbitrary file read via /api/template/render

SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16 contains a patch for the issue.

Action-Not Available
Vendor-b3logsiyuan-note
Product-siyuansiyuan
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-31268
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.60% / 94.89%
||
7 Day CHG~0.00%
Published-21 May, 2022 | 20:35
Updated-03 Aug, 2024 | 07:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).

Action-Not Available
Vendor-gitblitn/a
Product-gitblitn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-31474
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-63.76% / 99.12%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 13:21
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BackupBuddy Plugin 8.5.8.0-8.7.4.1 is vulnerable to Directory Traversal

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1.

Action-Not Available
Vendor-SolidWP (iThemes)
Product-backupbuddyBackupBuddy
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-3090
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.81%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 21:55
Updated-16 Apr, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.

Action-Not Available
Vendor-redlionRed Lion Controls
Product-crimsonCrimson 3.0Crimson 3.1Crimson 3.2
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-55970
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 39.25%
||
7 Day CHG~0.00%
Published-15 Dec, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue that is related to the request parameter, aka I644734.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-33277
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.27% / 66.19%
||
7 Day CHG+0.31%
Published-29 Jun, 2023 | 00:00
Updated-27 Nov, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL.

Action-Not Available
Vendor-giran/agira
Product-knx_ip_router_firmwareknx_ip_routern/aknx_ip_router
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-31703
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-1.79% / 75.70%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vrealize_log_insightvRealize Log Insight (vRLI)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-54453
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 45.65%
||
7 Day CHG+0.01%
Published-27 Dec, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. A path traversal vulnerability in the DocServlet servlet allows remote attackers to retrieve any file from the Kurmi web application installation folder, e.g., files such as the obfuscated and/or compiled Kurmi source code.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-5334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.55% / 83.13%
||
7 Day CHG~0.00%
Published-11 Oct, 2019 | 10:36
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.

Action-Not Available
Vendor-icewarpn/a
Product-webclientn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-29804
Matching Score-4
Assigner-Go Project
ShareView Details
Matching Score-4
Assigner-Go Project
CVSS Score-7.5||HIGH
EPSS-1.87% / 76.79%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path traversal via Clean on Windows in path/filepath

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

Action-Not Available
Vendor-Go standard libraryGoMicrosoft Corporation
Product-gowindowspath/filepath
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 22
  • 23
  • Next
Details not found