The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
103 vulnerabilities with CWE-24
CVE-2024-43035
MEDIUM
Fonoster 0.5.5 - Path Traversal
CVSS 5.8
CVE-2026-28538
MEDIUM
Certificate Management Module - Path Traversal
CVSS 5.9
CVE-2026-28427
OpenDeck <2.8.1 - Path Traversal
CVE-2026-21857
MEDIUM
Redaxo < 5.20.2 - Path Traversal
CVSS 6.5
CVE-2025-67364
HIGH
Efforthye Fast-filesystem-mcp - Path Traversal
CVSS 7.5
CVE-2026-21436
MEDIUM
eopkg <4.4.0 - Path Traversal
CVSS 5.5
CVE-2025-68430
MEDIUM
CVAT <2.52.0 - Info Disclosure
CVSS 4.3
CVE-2025-67845
MEDIUM
Mintlify < 2025-11-15 - Path Traversal
CVSS 6.4
CVE-2025-61318
CRITICAL
Emlog Pro 2.5.20 - Path Traversal
CVSS 9.1
CVE-2025-51661
HIGH
Lanol Filecodebox < 2.2 - Path Traversal
CVSS 7.5
CVE-2025-13199
MEDIUM
Fabian Email Logging Interface - Path Traversal
CVSS 5.3
CVE-2025-63298
HIGH
SourceCodester Pet Grooming Mgmt <1.0 - Path Traversal
CVSS 8.2
CVE-2023-53691
HIGH
Hikvision CSMP iSecure Center <2023-06-25 - Path Traversal
CVSS 8.3
CVE-2025-60344
HIGH
D-Link DSR - Local File Inclusion
CVSS 8.6
CVE-2025-57618
HIGH
FastX3 <3.3.67 - Path Traversal
CVSS 7.3
CVE-2025-57563
MEDIUM
StarNet Communications Corporation FastX <4.1.51 - Path Traversal
CVSS 6.5
CVE-2025-61189
MEDIUM
Jeecgboot <3.8.2 - Path Traversal
CVSS 6.3
CVE-2025-61188
MEDIUM
Jeecgboot <3.8.2 - Path Traversal
CVSS 6.3
CVE-2025-59342
esm.sh <136 - Path Traversal
CVE-2025-59049
HIGH
Mockoon Commons-server < 9.2.0 - Path Traversal
CVSS 7.5
CVE-2025-26427
MEDIUM
Google Android - Path Traversal
CVSS 4.4
CVE-2025-56760
MEDIUM
Memos - Path Traversal
CVSS 4.3
CVE-2025-46094
LOW
Liquidfiles < 4.1.2 - Path Traversal
CVSS 3.8
CVE-2025-44962
MEDIUM
Commscope Ruckus Smartzone Firmware < 6.1.2 - Path Traversal
CVSS 5.0
CVE-2025-54769
HIGH
Xorux Lpar2rrd < 8.04 - Remote Code Execution
CVSS 8.8
Details
Vulnerabilities
103