Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-23

CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

417 vulnerabilities with CWE-23

CVE-2026-5966 HIGH

TeamT5｜ThreatSonar Anti-Ransomware - Arbitrary File Deletion

CVE-2026-31927 MEDIUM

Anviz CX7 Firmware Relative Path Traversal

CVE-2026-33435 HIGH

Weblate: Remote code execution during backup restoration

CVE-2026-20081 MEDIUM

Cisco Unity Connection Arbitrary File Download Vulnerability

CVE-2026-20078 MEDIUM

Cisco Unity Connection Arbitrary File Download Vulnerability

CVE-2026-39814 MEDIUM

FortiWeb 8.0.0-8.0.2, 7.6.0-7.6.6, 7.4.1-7.4.12, 7.0.10-7.0.12 - Relative Path Traversal

CVE-2026-27489 HIGH

ONNX: Path Traversal via Symlink

CVE-2026-32725 HIGH

SciTokens C++: Relative Path Traversal Vulnerability

CVE-2026-31831 HIGH

Tautulli: Unauthenticated Path Traversal in `/newsletter/image/images` endpoint

CVE-2026-4415 HIGH

GIGABYTE｜Gigabyte Control Center - Arbitrary File Write

CVE-2026-33206 MEDIUM

Calibre <9.6.0 Markdown Image Handling - Path Traversal

CVE-2026-33494 CRITICAL

Ory Oathkeeper <26.2.0 HTTP Path Traversal - Authorization Bypass

CVE-2026-27625 HIGH

Stirling-PDF Zip Slip: Arbitrary File Write via Path Traversal in Markdown-to-PDF ZIP Extraction

CVE-2026-29101 MEDIUM

SuiteCRM Vulnerable to Directory Traversal to DoS in Modules

CVE-2026-29098 MEDIUM

SuiteCRM has Relative Path Traversal via ModuleBuilder Modules ExportCustom Action

CVE-2026-30345 HIGH

CTFd v3.8.1-18-gdb5a18c4 - Path Traversal

CVE-2026-29778 HIGH

pyLoad 0.5.0b3.dev13-0.5.0b3.dev96 - Path Traversal

CVE-2026-21659 CRITICAL

Frick Controls Quantum HD <=10.22 - RCE

CVE-2026-27117 MEDIUM

bit7z < 4.0.11 - Path Traversal and Arbitrary File Write via Archive Extraction

CVE-2026-27202 HIGH

GetSimple CMS - Arbitrary File Read

CVE-2026-2818 HIGH

Spring Data Geode 2.0.0-2.7.17 and Spring Data Gemfire 1.7.0-2.2.12 - Path Traversal via Import Snapshot

CVE-2026-21620 LOW

Erlang/OTP 17.0-17.0 - Relative Path Traversal in tftp_file Module

CVE-2026-26362 HIGH

Dell Unisphere for PowerMax 10.2 - Path Traversal

CVE-2026-1762 LOW

GE Vernova Enervista <8.6 - File Manipulation

CVE-2026-25951 HIGH

FUXA < 1.2.11 - Authenticated Path Traversal and Remote Code Execution via Nested Traversal Sequences

Previous Page 2 of 17 Next

Details

Vulnerabilities 417

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy