Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-23

CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

417 vulnerabilities with CWE-23

CVE-2026-34026 HIGH

Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files

CVE-2026-48569 HIGH

Visual Studio Code Security Feature Bypass Vulnerability

CVE-2026-47287 MEDIUM

Visual Studio Code Tampering Vulnerability

CVE-2026-48681 MEDIUM

Openstack Ironic - Relative Path Traversal

CVE-2026-5422 HIGH

Path Traversal in jupyter/jupyter

CVE-2026-10074 MEDIUM

Interinfo｜DreamMaker - Arbitrary File Read

CVE-2026-10073 HIGH

Interinfo｜DreamMaker - Arbitrary File Read

CVE-2026-8326 CRITICAL

Remote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE

CVE-2026-8361 HIGH

Gladinet Triofox Path Traversal in WOSDefaultHttpModule.dll

CVE-2026-48126 HIGH

Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir

CVE-2026-8134 HIGH

Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion

CVE-2026-34926 MEDIUM KEV

TrendAI Apex One 2019-14.0.0.17079 - Path Traversal & Arbitrary Code Deployment

CVE-2026-23734 CRITICAL

XWiki Platform: Path traversal via resources parameter in ssx and jsx endpoints when using leading slash

CVE-2026-8073 HIGH

Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP

CVE-2026-41948 CRITICAL

Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access

CVE-2026-41612 MEDIUM

Visual Studio Code Information Disclosure Vulnerability

CVE-2026-41551 CRITICAL

Siemens ROS# < V2.2.2 - Path Traversal via Unsanitized User Input

CVE-2026-8209 MEDIUM

Gibbon < 30.0.01 - Authenticated Denial of Service via Path Traversal

CVE-2026-29201 HIGH

cPanel 11.86.0-11.136.0 - Unauthenticated Arbitrary File Read via feature::LOADFEATUREFILE

CVE-2026-43533 HIGH

OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags

CVE-2026-43616 HIGH

Detect-It-Easy < 3.21 - Path Traversal Arbitrary File Write

CVE-2026-42085 MEDIUM

OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames

CVE-2026-22070 HIGH

ColorOS Assistant Path Traversal Vulnerability

CVE-2026-7404 HIGH

getsimpletool mcpo-simple-server base_manager.py delete_shared_prompt path traversal

CVE-2026-33733 HIGH

EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete

Page 1 of 17 Next

Details

Vulnerabilities 417

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy