Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-23

CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

417 vulnerabilities with CWE-23

CVE-2025-23360 HIGH

NVIDIA Nemo < 24.12 - Relative Path Traversal and Arbitrary File Write

CVE-2025-26645 HIGH

Windows 10/11, Server 2008 - RCE via Remote Desktop Client Path Traversal

CVE-2025-27610 HIGH

Rack < 2.2.13 - Path Traversal via Encoded Path Sequences

CVE-2025-23410 CRITICAL

GMOD Apollo < 2.8.0 - Path Traversal via Archive Upload

CVE-2025-25130 HIGH

Delete Comments By Status <2.1.1 - Path Traversal

CVE-2025-27410 MEDIUM

pwndoc < 1.2.0 - Authenticated Path Traversal and Remote Code Execution via Backup Restore

CVE-2025-1599 MEDIUM

Best Church Management Software 1.0 - Path Traversal via old_cat_img Parameter

CVE-2025-1588 MEDIUM

PHPGurukul Online Nurse Hiring System 1.0 - Path Traversal via Profile Picture Upload

CVE-2025-1584 MEDIUM

Solon < 3.0.9 - Path Traversal via StaticMappings

CVE-2025-20059 CRITICAL

PingAM Java Policy Agent <5.10.3-2024.9 - Path Traversal

CVE-2025-0822 MEDIUM

Bit Assist < 1.5.3 - Authenticated Path Traversal via fileID Parameter

CVE-2025-26349 HIGH

Q-Free MaxTime <= 2.11.0 - Authenticated Arbitrary File Write via File Upload Path Traversal

CVE-2025-1086 MEDIUM

Safetytest Cloud-Master Server <1.1.1 - Path Traversal

CVE-2025-23011 HIGH

Fedorarepository Fcrepo < 6.5.1 - Path Traversal

CVE-2025-0390 MEDIUM

Guangzhou Huayi Intelligent Technology Jeewms < 2025-01-01 - Path Traversal via /wmOmNoticeHController.do

CVE-2025-0225 MEDIUM

Tsinghua Unigroup Electronic Archives System 3.2.210802(62532 - Pat...

CVE-2024-47856 CRITICAL

RSA Authentication Agent <7.4.7 - Path Traversal

CVE-2024-48892 MEDIUM

FortiSOAR 7.3.0-7.5.1, 7.6.0 - Authenticated Arbitrary File Read via Malicious Solution Pack Upload

CVE-2024-40588 MEDIUM

Fortinet FortiCamera <all> - Path Traversal

CVE-2024-9363 HIGH

Polyaxon - Unauthenticated Arbitrary File Deletion and Denial of Service via Container File Removal

CVE-2024-8551 CRITICAL

modelscope/agentscope < - Path Traversal

CVE-2024-7058 MEDIUM

lollms_web_ui - Path Traversal via Relative Path Bypass in sanitize_path Function

CVE-2024-6583 MEDIUM

quivr - Path Traversal and Arbitrary File Write via S3 Upload Request

CVE-2024-6483 MEDIUM

aimhubio/aim <3.19.3 - Path Traversal

CVE-2024-10513 HIGH

AnythingLLM < 1.2.2 - Authenticated Path Traversal and Arbitrary File Manipulation via Document Uploads Manager

Previous Page 7 of 17 Next

Details

Vulnerabilities 417

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy