Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-24

CWE-24

Path Traversal: '../filedir'

Parent: CWE-23 - Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.

110 vulnerabilities with CWE-24

CVE-2026-49103 CRITICAL

Webmin < 2.640 - Path Traversal: '../filedir'

CVE-2026-22810 HIGH

Joplin: Path traversal in OneNote importer allows overwriting arbitrary files

CVE-2026-33431 MEDIUM

Roxy-WI Vulnerable to Authenticated Arbitrary File Read via Path Traversal in Config Version Viewer

CVE-2026-40318 HIGH

SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`

CVE-2026-41082 HIGH

OCaml opam < 2.5.1 - Path Traversal via .install Field

CVE-2026-39813 CRITICAL

FortiSandbox 4.4.0-4.4.8 and 5.0.0-5.0.5 - Path Traversal via '../filedir'

CVE-2026-28538 MEDIUM

Certificate Management Module - Path Traversal

CVE-2026-28427 HIGH

OpenDeck < 2.8.1 - Path Traversal via Plugin Static File Request

CVE-2026-21857 MEDIUM

REDAXO < 5.20.2 - Authenticated Path Traversal via Backup Addon EXPDIR Parameter

CVE-2026-21436 MEDIUM

eopkg < 4.4.0 - Path Traversal via --destdir Parameter

CVE-2025-67364 HIGH

fast-filesystem-mcp 3.4.0 - Path Traversal via Symlink Bypass in safePath and isPathAllowed

CVE-2025-68430 MEDIUM

CVAT 2.8.1-2.52.0 - Authenticated Directory Listing via Path Traversal

CVE-2025-67845 MEDIUM

Mintlify < 2025-11-15 - Directory Traversal and Arbitrary File Write via Static Asset Proxy Endpoint

CVE-2025-61318 CRITICAL

Emlog Pro 2.5.20 - Path Traversal and Arbitrary File Deletion via Admin Template and Plugin Components

CVE-2025-51661 HIGH

FileCodeBox < 2.2 - Unauthenticated Path Traversal and Arbitrary File Write via SystemFileStorage.save_file

CVE-2025-13199 MEDIUM

Email Logging Interface 2.0 - Path Traversal via Username Argument

CVE-2025-63298 HIGH

SourceCodester Pet Grooming Mgmt <1.0 - Path Traversal

CVE-2025-60344 HIGH

D-Link DSR-150, DSR-150N, and DSR-250N v1.09B32_WW - Unauthenticated Path Traversal

CVE-2025-57618 HIGH

FastX3 <= 3.3.67 - Unauthenticated Path Traversal and Remote Code Execution

CVE-2025-57563 MEDIUM

StarNet Communications Corporation FastX <4.1.51 - Path Traversal

CVE-2025-61189 MEDIUM

jeecg_boot < 3.8.2 - Path Traversal via /sys/comment/addFile Endpoint

CVE-2025-61188 MEDIUM

jeecg_boot < 3.8.2 - Path Traversal via File Upload

CVE-2025-59342 MEDIUM

esm.sh < 136.1 - Path Traversal and Arbitrary File Write via X-Zone-Id Header

CVE-2025-59049 HIGH

Mockoon < 9.2.0 - Path Traversal and Local File Inclusion via Static File Serving Configuration

CVE-2025-26427 MEDIUM

Android - Path Traversal in DownloadProvider and Frameworks Base

Page 1 of 5 Next

Details

Vulnerabilities 110

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy