Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-23

CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

417 vulnerabilities with CWE-23

CVE-2026-25057 CRITICAL

Markus < 2.9.1 - Path Traversal via Assignment Configuration Upload

CVE-2026-25575 HIGH

NavigaTUM < 2026-02-03 - Unauthenticated Path Traversal and Arbitrary File Write via Propose Edits Endpoint

CVE-2026-25121 HIGH

apko 0.14.8-1.1.0 - Path Traversal via dirFS Filesystem Abstraction

CVE-2026-24909 MEDIUM

vltpkg/tar < 1.0.0-rc.10 - Path Traversal during Extraction

CVE-2026-23890 MEDIUM

pnpm < 10.28.1 - Path Traversal via Bin Linking with Scope Normalization Bypass

CVE-2026-23888 MEDIUM

pnpm < 10.28.1 - Path Traversal and Arbitrary File Write via Binary Fetcher

CVE-2026-1022 HIGH

Gotac Statistics Database System < 1.0.3 - Unauthenticated Arbitrary File Read via Relative Path Traversal

CVE-2025-41280 HIGH

Waterfall WF-500 < 7.9.1.0 R2502171040 - Relative Path Traversal

CVE-2025-41271 HIGH

Waterfall WF-500 < 7.9.1.0 R2502171040 - Relative Path Traversal

CVE-2025-41268 CRITICAL

Waterfall WF-500 < 7.9.1.0 R2502171040 - Relative Path Traversal

CVE-2025-48977 MEDIUM

Apache Ignite: REST HTTP arbitrary file read vulnerability

CVE-2025-24819 MEDIUM

A Relative Path Traversal vulnerability in Nokia MantaRay NM

CVE-2025-62878 CRITICAL

Rancher local-path-provisioner < 0.0.34 - Path Traversal via pathPattern Parameter

CVE-2025-58467 MEDIUM

Qsync Central <5.0.0.4 - Path Traversal

CVE-2025-22873 LOW

GO < 1.23.9 - Path Traversal

CVE-2025-68472 HIGH

MindsDB < 25.11.1 - Unauthenticated Path Traversal and Arbitrary File Read via File Upload API

CVE-2025-67366 HIGH

sylphx filesystem-mcp 0.5.8 - Path Traversal via Symlink Handling Bypass

CVE-2025-15225 HIGH

Sun.net WMPro 5.0-5.1 - Unauthenticated Arbitrary File Read via Relative Path Traversal

CVE-2025-66737 MEDIUM

Yealink T21P_E2 Phone <52.84.0.15 - Path Traversal

CVE-2025-57403 HIGH

Cola Dnslog 1.3.2 - Directory Traversal via DNS TXT Record Processing

CVE-2025-15015 HIGH

Enterprise Cloud Database - Path Traversal

CVE-2025-66626 HIGH

Argo Workflows <3.7.4 - Code Injection

CVE-2025-62552 HIGH

Microsoft Access 2016 < 16.0.5530.1000 - Unauthenticated Relative Path Traversal

CVE-2025-12097 HIGH

NI System Web Server <2012 - Info Disclosure

CVE-2025-13771 MEDIUM

WebITR < 2.1.0.34 - Authenticated Arbitrary File Read via Relative Path Traversal

Previous Page 3 of 17 Next

Details

Vulnerabilities 417

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy