Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-66051

Summary
Assigner-CERT-PL
Assigner Org ID-4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
Published At-09 Jan, 2026 | 11:54
Updated At-09 Jan, 2026 | 14:07
Rejected At-
Credits

Path traversal in Vivotek IP7137 cameras

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERT-PL
Assigner Org ID:4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
Published At:09 Jan, 2026 | 11:54
Updated At:09 Jan, 2026 | 14:07
Rejected At:
▼CVE Numbering Authority (CNA)
Path traversal in Vivotek IP7137 cameras

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

Affected Products
Vendor
Vivotek
Product
IP7137
Default Status
unknown
Versions
Affected
  • 0200a (custom)
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-139CAPEC-139 Relative Path Traversal
CAPEC ID: CAPEC-139
Description: CAPEC-139 Relative Path Traversal
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Szymon Paszun
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://cert.pl/posts/2026/01/CVE-2025-66049
third-party-advisory
Hyperlink: https://cert.pl/posts/2026/01/CVE-2025-66049
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cvd@cert.pl
Published At:09 Jan, 2026 | 12:15
Updated At:14 Jan, 2026 | 17:49

Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. It is possible for an authenticated attacker to access resources beyond webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for administration panel is not set by default. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has met End-Of-Life phase, a fix is not expected to be released.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches

vivotek
vivotek
>>ip7137_firmware>>0200a
cpe:2.3:o:vivotek:ip7137_firmware:0200a:*:*:*:*:*:*:*
vivotek
vivotek
>>ip7137>>-
cpe:2.3:h:vivotek:ip7137:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarycvd@cert.pl
CWE ID: CWE-22
Type: Primary
Source: cvd@cert.pl
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://cert.pl/posts/2026/01/CVE-2025-66049cvd@cert.pl
Third Party Advisory
Hyperlink: https://cert.pl/posts/2026/01/CVE-2025-66049
Source: cvd@cert.pl
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

543Records found

CVE-2013-1597
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-14.19% / 96.14%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 18:08
Updated-06 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.

Action-Not Available
Vendor-vivotekn/a
Product-pt7135_firmwarept7135n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-35718
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.74% / 50.14%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 00:00
Updated-03 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request.

Action-Not Available
Vendor-vivotekn/a
Product-fd8136_firmwarefd8136n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-11949
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.19% / 64.28%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 12:43
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices.

Action-Not Available
Vendor-vivotekn/a
Product-fd8177-ht_firmwarefe9582-ehnvfd9387-htvfe9180-hib9388-htfd9367-ehtv_firmwareib9389-ht_firmwarefd9387-ehvfd9387-hvcd8371-hnvf2fd9388-htv_firmwareib836b-hf3sd9362-ehfd8369a-v_firmwareip9191-hp_firmwarefd9165-ht-aib9367-htfd8379-hv_firmwaresd9366-ehfd9391-ehtvfd836b-htv_firmwareib9381-ehtfd9365-ehtv_firmwaresd9363-ehl_firmwarefd9187-ht_firmwareit9389-hmd8563-dehfd9368-htv_firmwarefd9380-hfd9189-hm_firmwarefd9365-ehtv-a_firmwarefe9391-ev_firmwareib9365-htib8382-et_firmwarefd9189-hfd8177-hfd9365-htvl_firmwarefd9389-hmvfd9389-ehmv_firmwarefd816ca-hf2cc8160\(hs\)_firmwarefd9167-htfd9365-htv-a_firmwareib836ba-hf3_firmwareib8377-htfe9391-evfd9366-hv_firmwareib9391-eht_firmwaresd9364-ehib9389-ehm_firmwarefd9367-htv\(epoc\)ib9365-ht-a_firmwarefd8182-t_firmwarefd9171-htit9388-ht_firmwarefd9365-htv-afd8382-etv_firmwareip9165-lpcib9389-ehmmd8563-ehib9387-h_firmwarefd836b-htvib9387-eht-afd8377-htv_firmwareib9381-eht_firmwaresd9362-eh-v2_firmwarefe9191ib8382-f3fd8182-f2ib9387-ht-a_firmwarevc8101_firmwarefd8369a-vit9360-h_firmwarefd9360-hfd8179-hib9387-ht-afd8382-tvip8160_firmwareip8160-wfd9187-ht-ama9321-ehtv_firmwarefd816ba-ht_firmwareib8360ib8360-wfd836ba-hvf2fe9382-ehv_firmwarevs8100-v2_firmwarefe9182-h_firmwaremd9560-dhib8382-ef3fd8182-f1fe9182-hfd9166-hn_firmwaremd9560-hib9389-hib9387-hib8360-w_firmwaremd9561-h_firmwarefd8166a-n_firmwareib9371-eht_firmwarecd8371-hntv_firmwarecc9381-hv_firmwareib836ba-ht_firmwaresd9362-ehlmd9561-hfd9365-htvsd9363-ehl-v2_firmwarefd8377-ehtv_firmwaremd8564-ehfd9391-ehtv_firmwarefd9387-ehv_firmwareip9165-hpip8166fd9367-hv_firmwareib836ba-htcc8160_firmwareib836b-hf3_firmwarefd9389-hv_firmwarefd8382-vf2_firmwareip9167-hp_firmwarefd9187-hip9191-hpib8360_firmwaretb9330-efe9382-ehvfd836b-ehvf2_firmwareit9360-hip9167-hpfd9365-htvlsd9374-ehlib8382-ef3_firmwareib8369afd9367-hvib9367-h_firmwarefd9181-ht_firmwarefe9191_firmwareib836b-ehf3_firmwarecd8371-hntvib8377-hip9164-lpc_firmwarefd816b-hf2md8565-n_firmwarefd9187-ht-a_firmwareip9171-hp_firmwareib8369a_firmwarefd8179-h_firmwarecc9381-hvsd9364-ehl-v2_firmwareib9389-ehtfd816b-hf2_firmwareip9164-htit9389-ht_firmwareib8367acc8160\(hs\)fd8382-tv_firmwareip8160cc8371-hvsd9364-eh-v2sd9362-eh_firmwarems9321-ehvfd9381-ehtv_firmwareib836b-htib836ba-ehf3_firmwarefd8382-evf2fd836ba-ehvf2fd816c-hf2_firmwarefd9389-ehmviz9361-eh_firmwareib9387-eht_firmwareib9387-ehtfd9389-ehvib9360-h_firmwareib9371-ehtfd9365-htv_firmwaresd9365-ehl_firmwarefd8177-htib8382-f3_firmwareib9367-ht_firmwarefd9388-htvfd9167-h_firmwarevc8101ip9165-lpc_firmwareib836b-ht_firmwareib836b-eht_firmwaresd9366-eh_firmwareib9368-htfe9180-h_firmwarefd9181-htfd9381-ehtvfd9389-htvib9389-eht_firmwareip9172-lpc\(freeway\)_firmwaresd9364-eh-v2_firmwarefd836ba-hvf2_firmwareib8377-ht_firmwarefd9165-htfd8182-f2_firmwarefd9371-ehtv_firmwarefd9167-hip9167-htfd8167afd836b-hvf2ip9164-ht_firmwareib9367-ehtfd9368-htvfe9381-ehvib9387-ht_firmwarefd9171-ht_firmwarefd9387-ehtvfd816ba-hf2fd8182-f1_firmwarems9321-ehv_firmwareit9380-hfd9387-htv-afd8367a-v_firmwarefd836ba-ehtvfd9189-h_firmwaresd9361-ehl_firmwarefd8382-vf2ms9390-hvib836b-ehtfd9360-h_firmwareib9387-ehip9181-h_firmwarefd836ba-htvfd9387-ehtv-acc8370-hvfd9380-h_firmwareib9365-eht_firmwareib836b-hrf3_firmwarefd9366-hvib8382-t_firmwaresd9366-eh-v2_firmwaremd9560-h_firmwaremd9560-dh_firmwarefd9166-hnib8367a_firmwarefd9387-htv_firmwarecc8371-hv_firmwarema9322-ehtv_firmwareib9365-eht-a_firmwarefd9187-h_firmwarefd816ca-hf2_firmwarefd9167-ht_firmwareip9181-hfd8382-evf2_firmwaremd8564-eh_firmwaremd9581-h_firmwareip9191-htsd9366-eh-v2ip9167-ht_firmwarefd8177-h_firmwarefd816b-ht_firmwarefd8366-vip9165-htib836b-ehf3fd8166a-nfe9181-h_firmwareib9389-ehib9367-eh_firmwarefd836b-ehtv_firmwarefd9387-ehtv_firmwaretb9331-efd816ba-htsd9365-ehlfe9181-hfd836ba-htv_firmwarefd9389-ehv_firmwaresd9361-ehlib836b-hrf3ib9365-ht_firmwareip9164-lpcfd9165-ht_firmwareib9367-ehsd9362-eh-v2ib9391-ehtib9367-hfd8377-ehtvit9380-h_firmwareib8377-eht_firmwarefd8169a_firmwareib836ba-hf3fd836ba-ehvf2_firmwarefe9380-hv_firmwarefd8166aip9165-hp_firmwarefd9367-ehtvib9389-hm_firmwareib8377-ehtib9365-eht-aib8382-etcc8370-hv_firmwareib9387-htib9365-ht-aip9191-ht_firmwarefe9380-hvfe9582-ehnv_firmwaresd9374-ehl_firmwarefd9367-htv\(epoc\)_firmwaresd9364-ehl_firmwaremd8563-deh_firmwarema9322-ehtvtb9331-e_firmwareit9389-h_firmwarefd816c-hf2fd9165-ht-a_firmwareib9380-h_firmwaresd9363-ehl-v2ib9365-ehtmd8565-nib836ba-ehtfd9367-htv_firmwareip8160-w_firmwarefd9189-hmfd8377-hvib9389-eh_firmwareib836ba-eht_firmwareip9165-lpc\(i-cs_kit\)ib8382-tfd9389-ehtv_firmwarefd8169aib9368-ht_firmwarefd8167a_firmwaresd9364-ehlcd8371-hnvf2_firmwareit9389-htsd9364-ehl-v2fd836b-ehvf2fd9367-htvfd8366-v_firmwareib9388-ht_firmwareip8166_firmwareip9171-hpib8377-h_firmwarefd816ba-hf2_firmwarefd836b-hvf2_firmwarefd816b-htmd9581-hmd8563-eh_firmwarefd9387-ehtv-a_firmwaresd9366-ehlfd8166a_firmwareip9165-ht_firmwarefd8182-tfd9365-ehtvms9390-hv_firmwarefe9381-ehv_firmwareip9165-lpc\(i-cs_kit\)_firmwarefd8377-htvfd9389-ehtvfd9189-ht_firmwareib9387-eh_firmwareit9388-htib9360-hfd8367a-vfd9371-ehtvcc8160vs8100-v2sd9161-hfd9187-htfd9389-hvsd9362-ehl_firmwareib9380-htb9330-e_firmwarefd8382-etvma9321-ehtvsd9363-ehlsd9364-eh_firmwarefd836b-ehtvib9389-htib836ba-ehf3ib9389-hmib9387-eht-a_firmwareiz9361-ehsd9366-ehl_firmwarefd8379-hvfd8377-hv_firmwarefd9389-hmv_firmwarefd9387-htv-a_firmwareip9172-lpc\(freeway\)ib9367-eht_firmwarefd836ba-ehtv_firmwarefd9389-htv_firmwareib9389-h_firmwarefd9189-htsd9161-h_firmwarefd9365-ehtv-afd9387-hv_firmwaren/a
CVE-2017-9829
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-68.74% / 99.26%
||
7 Day CHG~0.00%
Published-23 Jun, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.

Action-Not Available
Vendor-vivotekn/a
Product-network_camera_fd816ba_firmwarenetwork_camera_ib8369network_camera_fd8164_firmwarenetwork_camera_fd8164network_camera_ib8369_firmwarenetwork_camera_fd816ban/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-8765
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.58% / 43.48%
||
7 Day CHG~0.00%
Published-17 May, 2026 | 22:00
Updated-19 May, 2026 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kilo-Org kilocode File Diff API Endpoint worktree-diff.ts Bun.file path traversal

A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-kiloKilo-Org
Product-kilo_codekilocode
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-69055
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.73%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BM Content Builder plugin < 3.16.3.3 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal.This issue affects BM Content Builder: from n/a through < 3.16.3.3.

Action-Not Available
Vendor-SeaTheme
Product-BM Content Builder
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-16990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.28% / 66.57%
||
7 Day CHG~0.00%
Published-21 Oct, 2019 | 14:20
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.

Action-Not Available
Vendor-fusionpbxn/a
Product-fusionpbxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-27994
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.93% / 89.09%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:51
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.

Action-Not Available
Vendor-n/aSolarWinds Worldwide, LLC.
Product-serv-un/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-9153
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 22.58%
||
7 Day CHG+0.01%
Published-25 Jun, 2026 | 00:33
Updated-27 Jun, 2026 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Read in Rapid7 InsightConnect Sed Plugin

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

Action-Not Available
Vendor-Linux Kernel Organization, IncRapid7 LLCGNU
Product-sedlinux_kernelInsightConnect Sed Plugin
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-44008
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.82% / 52.74%
||
7 Day CHG~0.00%
Published-16 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly.

Action-Not Available
Vendor-backclickn/a
Product-backclickn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-8113
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 33.17%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 21:15
Updated-14 May, 2026 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
8421bit MiniClaw executeSkillScript kernel.ts isPathInside path traversal

A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. This patch is called e8bd4e17e9428260f2161378356affc5ce90d6ed. It is advisable to implement a patch to correct this issue.

Action-Not Available
Vendor-8421bit8421bit
Product-miniclawMiniClaw
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-2292
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.5||MEDIUM
EPSS-1.61% / 72.98%
||
7 Day CHG+0.11%
Published-31 Mar, 2025 | 16:38
Updated-27 Dec, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure

Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality.This issue affects CompletePBX: through 5.2.35.

Action-Not Available
Vendor-xorcomXorcom
Product-completepbxCompletePBX
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-9035
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.36%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:21
Updated-27 May, 2026 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in Aspera applications.

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.

Action-Not Available
Vendor-IBM Corporation
Product-Aspera High-Speed Transfer EndpointAspera High-Speed Transfer Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-16198
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.57% / 72.28%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 20:09
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter.

Action-Not Available
Vendor-kslabsn/a
Product-kswebn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-43518
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-4.9||MEDIUM
EPSS-0.70% / 48.77%
||
7 Day CHG~0.00%
Published-30 Nov, 2022 | 19:26
Updated-24 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-edgeconnect_enterpriseAruba EdgeConnect Enterprise Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-4861
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.63% / 93.05%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 16:09
Updated-06 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.

Action-Not Available
Vendor-micasaverden/a
Product-veraliteveralite_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-3993
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.24% / 91.52%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 10:00
Updated-21 Apr, 2026 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-15||The impacted product is end-of-life and should be disconnected if still in use.

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_biginsightsn/aInfoSphere BigInsights
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-21095
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.53% / 40.66%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 15:19
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keysight Ixia Vision Product Family Path Traversal

Path traversal may lead to arbitrary file download. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.

Action-Not Available
Vendor-Keysight
Product-Ixia Vision Product Family
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-42282
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 38.19%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 01:38
Updated-07 Apr, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-bmcdgx_a100NVIDIA DGX servers
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-2254
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-2.13% / 79.67%
||
7 Day CHG+0.02%
Published-16 Sep, 2020 | 13:20
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-blue_oceanJenkins Blue Ocean Plugin
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-6670
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 40.68%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 06:44
Updated-14 May, 2026 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Media Sync <= 1.4.9 - Authenticated (Author+) Path Traversal via 'sub_dir' and 'media_items' Parameters

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted to the intended uploads directory. This makes it possible for authenticated attackers, with Author-level access and above, to perform actions on files outside of the originally intended directory.

Action-Not Available
Vendor-erolsk8
Product-Media Sync
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-20051
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.59% / 43.71%
||
7 Day CHG+0.01%
Published-24 Feb, 2025 | 07:27
Updated-18 Aug, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file read via block duplication in Mattermost Boards

Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_serverMattermost
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-56394
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.34% / 25.54%
||
7 Day CHG~0.00%
Published-21 Jun, 2026 | 13:27
Updated-23 Jun, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Craft CMS - Authenticated Path Traversal in assets/icon Extension Parameter

Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files, allowing local file read access.

Action-Not Available
Vendor-craftcms
Product-cms
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-41956
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.77% / 75.38%
||
7 Day CHG~0.00%
Published-14 Jan, 2023 | 00:40
Updated-03 Aug, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autolab is vulnerable to file disclosure via remote handin feature

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature, whereby users are able to hand-in assignments using paths outside their submission directory. Users can then view the submission to view the file's contents. The vulnerability has been patched in version 2.10.0. As a workaround, ensure that the field for the remote handin feature is empty (Edit Assessment > Advanced > Remote handin path), and that you are not running Autolab as `root` (or any user that has write access to `/`). Alternatively, disable the remote handin feature if it is unneeded by replacing the body of `local_submit` in `app/controllers/assessment/handin.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`.

Action-Not Available
Vendor-autolabprojectautolab
Product-autolabAutolab
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-19146
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.85% / 76.50%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 13:52
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.

Action-Not Available
Vendor-jflyfoxn/a
Product-jfinal_cmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-41761
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 52.11%
||
7 Day CHG~0.00%
Published-25 Dec, 2023 | 00:00
Updated-03 Aug, 2024 | 12:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files.

Action-Not Available
Vendor-n/aNokia Corporation
Product-network_functions_manager_for_transportn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-41760
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 52.11%
||
7 Day CHG~0.00%
Published-25 Dec, 2023 | 00:00
Updated-03 Aug, 2024 | 12:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files.

Action-Not Available
Vendor-n/aNokia Corporation
Product-network_functions_manager_for_transportn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-10063
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.89% / 55.03%
||
7 Day CHG+0.04%
Published-01 Aug, 2025 | 20:46
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear SPH200D <= 1.0.4.80 Path Traversal via HTTP GET

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-SPH200D
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-58451
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.38% / 29.94%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 18:16
Updated-02 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Horde IMP < 7.0.1 Path Traversal via Compose.php img src

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos() prefix validation by appending sequences such as traversal segments after the matching prefix, causing file_get_contents() to read sensitive files whose contents are then exfiltrated as MIME parts in outgoing email; unauthenticated exploitation is also achievable via CSRF against an active authenticated session.

Action-Not Available
Vendor-Horde LLC
Product-imp
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-10062
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-1.40% / 69.23%
||
7 Day CHG+0.06%
Published-01 Aug, 2025 | 20:44
Updated-07 Apr, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linksys Routers apply.cgi Path Traversal

A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary files outside the intended web root by injecting traversal sequences. This allows exposure of sensitive system files and configuration data.

Action-Not Available
Vendor-Linksys Holdings, Inc.
Product-E1500
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-40715
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.04% / 59.92%
||
7 Day CHG+0.03%
Published-19 Sep, 2022 | 15:52
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.

Action-Not Available
Vendor-n/aNokia Corporation
Product-1350_optical_management_systemn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-14293
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 22.48%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 20:22
Updated-08 Apr, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read

The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Action-Not Available
Vendor-WP Job Portal
Product-WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-4280
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.81% / 52.54%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 07:45
Updated-23 Apr, 2026 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Breaking News WP <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwp_theme option value is passed directly to an include() statement in the brnwp_show_breaking_news_wp() shortcode handler. While sanitize_text_field() is applied to user input, it does not strip directory traversal sequences (../). This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the brnwp_theme option with a directory traversal payload (e.g., ../../../../etc/passwd) and subsequently trigger file inclusion of arbitrary files on the server when the shortcode is rendered.

Action-Not Available
Vendor-doctorwp
Product-Breaking News WP
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-40734
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.06% / 89.41%
||
7 Day CHG~0.00%
Published-14 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.

Action-Not Available
Vendor-unisharpn/a
Product-laravel_filemanagern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-14867
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.54%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 06:36
Updated-08 Apr, 2026 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flashcard Plugin for WordPress <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path Traversal

The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashcard' shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Action-Not Available
Vendor-liangshao
Product-Flashcard Plugin for WordPress
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-14910
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.44% / 35.51%
||
7 Day CHG~0.00%
Published-19 Dec, 2025 | 01:32
Updated-24 Feb, 2026 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Edimax BR-6208AC FTP Daemon Service handle_retr path traversal

A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this issue: "This product is no longer available in the market and has been discontinued for five years. Consequently, Edimax no longer provides technical support, firmware updates, or security patches for this specific model. However, to ensure the safety of our remaining active users, we acknowledge this report and will take the following mitigation actions: (A) We will issue an official security advisory on our support website. (B) We will strongly advise users to disable the FTP service on this device to mitigate the reported risk, by which the product will still work for common use. (C) We will recommend users upgrade to newer, supported models." This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-Edimax Technology Company Ltd.
Product-br-6208ac_firmwarebr-6208acBR-6208AC
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-15020
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 22.48%
||
7 Day CHG~0.00%
Published-14 Jan, 2026 | 05:28
Updated-08 Apr, 2026 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gotham Block Extra Light <= 1.5.0 - Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode

The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.5.0 via the 'ghostban' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Action-Not Available
Vendor-gothamdev
Product-Gotham Block Extra Light
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-40713
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.04% / 59.92%
||
7 Day CHG+0.03%
Published-19 Sep, 2022 | 15:52
Updated-03 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.

Action-Not Available
Vendor-n/aNokia Corporation
Product-1350_optical_management_systemn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-13891
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 27.64%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 07:20
Updated-08 Apr, 2026 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Image Gallery – Photo Grid & Video Gallery (Modula) <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This is due to the modula_list_folders AJAX endpoint that lacks proper path validation and base directory restrictions. While the endpoint verifies user capabilities (Author+ with upload_files and edit_posts permissions), it fails to validate that user-supplied directory paths reside within safe directories. This makes it possible for authenticated attackers, with Author-level access and above, to enumerate arbitrary directories on the server via the modula_list_folders endpoint.

Action-Not Available
Vendor-wpchill
Product-Modula Image Gallery – Photo Grid & Video Gallery
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-13725
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 27.85%
||
7 Day CHG~0.00%
Published-17 Jan, 2026 | 03:24
Updated-08 Apr, 2026 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter

The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side rendering of the thim-blocks/icon block. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server via the 'iconSVG' parameter, which can contain sensitive information such as wp-config.php.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-Thim Blocks
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-41216
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
ShareView Details
Matching Score-4
Assigner-Dutch Institute for Vulnerability Disclosure (DIVD)
CVSS Score-8.3||HIGH
EPSS-0.62% / 45.25%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 14:42
Updated-20 Mar, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cloudflow - Local File Inclusion Vulnerability

Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system.

Action-Not Available
Vendor-hybridsoftwareHybrid Software
Product-cloudflowCloudflow
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2025-1310
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.67% / 47.47%
||
7 Day CHG~0.00%
Published-26 Mar, 2025 | 09:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jobs for WordPress <= 2.7.11 - Authenticated (Subscriber+) Arbitrary File Read

The Jobs for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.7.11 via the 'job_postings_get_file' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Action-Not Available
Vendor-blueglassch
Product-Job Postings
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-12960
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 45.01%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 08:20
Updated-08 Apr, 2026 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple CSV Table <= 1.0.1 - Directory Traversal to Authenticated (Contributor+) Arbitrary File Read

The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the `href` parameter in the `[csv]` shortcode. This is due to insufficient path validation before concatenating user-supplied input to a base directory path. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information such as database credentials and authentication keys.

Action-Not Available
Vendor-iworks
Product-Simple CSV Table
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-11913
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.78% / 51.55%
||
7 Day CHG~0.00%
Published-17 Oct, 2025 | 20:02
Updated-31 Oct, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shenzhen Ruiming Technology Streamax Crocus Service.do download path traversal

A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do?Action=Download. Such manipulation of the argument Path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-streamaxShenzhen Ruiming Technology
Product-streamax_crocusStreamax Crocus
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-24953
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 29.02%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:47
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple File List plugin <= 6.1.15 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal.This issue affects Simple File List: from n/a through <= 6.1.15.

Action-Not Available
Vendor-Mitchell Bennis
Product-Simple File List
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-38613
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.97% / 57.38%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 15:40
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.

Action-Not Available
Vendor-bpcbtn/a
Product-smartvista_cardgenn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-3762
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.91% / 55.74%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Booster for WooCommerce - ShopManager+ Arbitrary File Download

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite)

Action-Not Available
Vendor-boosterUnknown
Product-booster_for_woocommerceBooster Elite for WooCommerceBooster for WooCommerceBooster Plus for WooCommerce
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-67004
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.56% / 91.90%
||
7 Day CHG~0.00%
Published-09 Jan, 2026 | 00:00
Updated-23 Jan, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

** Disputed ** An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly. NOTE: A community member states that this is not a CouchCMS vulnerability and that if /\<file> is accessible it is a web-server configuration issue.

Action-Not Available
Vendor-couchcmsn/a
Product-couchcmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-35162
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.67% / 47.43%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 05:30
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to 1.8.6. If this vulnerability is exploited, a remote authenticated attacker with "switch_themes" privilege may obtain arbitrary files on the server.

Action-Not Available
Vendor-WPFactory LLCwpfactory
Product-Download Plugins and Themes from Dashboarddownload_plugins_and_themes_from_dashboard
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-38088
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-4.9||MEDIUM
EPSS-2.28% / 81.04%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 21:24
Updated-02 Feb, 2023 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-Siretta Ltd.
Product-quartz-gold_firmwarequartz-goldQUARTZ-GOLD
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found