CWE-23 · Relative Path Traversal

428 CVEs classified under CWE-23 (Relative Path Traversal). Browse by severity and year.

Top CVEs for CWE-23
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-52813 | Critical | 10.0 | 2026-06-24 | Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences (../) are accepted by Gogs, and reposit… |
| CVE-2026-33494 | Critical | 10.0 | 2026-03-26 | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior… |
| CVE-2023-3941 | Critical | 10.0 | 2024-05-21 | Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affec… |
| CVE-2024-24578 | Critical | 10.0 | 2024-03-18 | RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a u… |
| CVE-2012-6069 | Critical | 10.0 | 2013-01-21 | The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside… |
| CVE-2025-62878 | Critical | 9.9 | 2026-02-25 | A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensiti… |
| CVE-2025-52207 | Critical | 9.9 | 2025-06-27 | PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory. |
| CVE-2023-40714 | Critical | 9.9 | 2025-04-02 | A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege vi… |
| CVE-2024-3025 | Critical | 9.9 | 2024-04-10 | mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. At… |
| CVE-2023-6825 | Critical | 9.9 | 2024-03-13 | The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version)… |
| CVE-2023-37913 | Critical | 9.9 | 2023-10-25 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versi… |
| CVE-2023-3701 | Critical | 9.9 | 2023-10-04 | Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged use… |
| CVE-2026-21659 | Critical | 9.8 | 2026-02-27 | Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD … |
| CVE-2024-47856 | Critical | 9.8 | 2025-11-24 | In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not… |
| CVE-2025-64446 | Critical | 9.8 | 2025-11-14 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 th… |
| CVE-2025-3365 | Critical | 9.8 | 2025-06-06 | A missing protection against path traversal allows to access any file on the server. |
| CVE-2025-23410 | Critical | 9.8 | 2025-03-05 | When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supp… |
| CVE-2023-34990 | Critical | 9.8 | 2024-12-18 | A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via… |
| CVE-2024-11315 | Critical | 9.8 | 2024-11-18 | The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to uploa… |
| CVE-2024-11314 | Critical | 9.8 | 2024-11-18 | The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to uploa… |