CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

391 vulnerabilities with CWE-23
CVE-2025-34510 HIGH
Sitecore XP CVE-2025-34510 Post-Authentication Remote Code Execution
CVSS 8.8
CVE-2025-33112 HIGH
IBM AIX 7.3 & VIOS 4.1.1 - Code Injection
CVSS 8.4
CVE-2025-3365 CRITICAL
Product <Version - Path Traversal
CVSS 9.8
CVE-2025-49466 MEDIUM
aerc <93bec0d - Path Traversal
CVSS 5.8
CVE-2025-48957 HIGH
AstrBot <3.5.12 - Path Traversal
CVSS 7.5
CVE-2025-47788 CRITICAL
Atheos <v602 - Path Traversal
CVE-2025-47445 HIGH
Themewinter Eventin < 4.0.27 - Path Traversal
CVSS 7.5
CVE-2025-31493 CRITICAL
Kirby < 3.9.8.3 - Path Traversal
CVSS 9.1
CVE-2025-30207 HIGH
Kirby <3.9.8.3, <3.10.1.2, <4.7.1 - Path Traversal
CVSS 7.5
CVE-2025-30159 CRITICAL
Kirby <3.9.8.3, 3.10.1.2, 4.7.1 - Path Traversal
CVSS 9.1
CVE-2025-22859 MEDIUM
Fortinet Forticlientems < 7.4.3 - Path Traversal
CVSS 5.3
CVE-2025-24350 HIGH
ctrlX OS - Path Traversal
CVSS 7.1
CVE-2025-24343 MEDIUM
ctrlX OS - Path Traversal
CVSS 5.4
CVE-2025-46433 MEDIUM
JetBrains TeamCity <2025.03.1 - Path Traversal
CVSS 4.9
CVE-2025-43016 MEDIUM
JetBrains Rider <2025.1.2 - Privilege Escalation
CVSS 5.4
CVE-2025-27791 HIGH
Collabora Online <24.04.12.4-22.05.25 - Path Traversal
CVE-2025-32017 HIGH
Umbraco Cms < 14.3.4 - Path Traversal
CVSS 8.8
CVE-2025-32409 HIGH
Ratta SuperNote A6 X2 Nomad <December 2024 - RCE
CVSS 8.1
CVE-2025-32137 MEDIUM
s2Member <250214 - Path Traversal
CVSS 4.9
CVE-2025-2007 HIGH
WordPress CSV/XML Datafeed Plugin <7.19 - Privilege Escalation
CVSS 8.1
CVE-2025-2961 MEDIUM
opensolon <3.1.0 - Path Traversal
CVSS 4.3
CVE-2025-29789 HIGH
Open-emr Openemr < 7.0.3 - Path Traversal
CVSS 7.5
CVE-2025-27553 HIGH
Apache Commons Vfs < 2.10.0 - Path Traversal
CVSS 7.5
CVE-2025-2056 HIGH
Wpplugins Hide MY WP Ghost < 5.4.02 - Path Traversal
CVSS 7.5
CVE-2025-23360 HIGH
Nvidia Nemo < 24.12 - Path Traversal
CVSS 7.1
Details
Vulnerabilities 391
Links
MITRE CWE Entry Search this CWE With Exploits