CWE-24

111 CVEs classified under CWE-24. Browse by severity and year.

Top CVEs for CWE-24
CVESeverityScorePublishedSummary
CVE-2026-39813Critical9.82026-04-14A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of…
CVE-2022-38129Critical9.82022-08-10A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (S…
CVE-2025-61318Critical9.12025-12-08Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php componen…
CVE-2023-6699Critical9.12024-01-11The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the…
CVE-2025-54769High8.82025-07-29An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This ca…
CVE-2025-53513High8.82025-07-08The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Upload…
CVE-2024-23657High8.82024-08-05Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the `getTex…
CVE-2021-33036High8.82022-06-15In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary co…
CVE-2025-60344High8.62025-10-21A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used f…
CVE-2026-40318High8.52026-04-16SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesys…
CVE-2023-52076High8.52024-01-25Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists…
CVE-2023-53691High8.32025-10-22Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as…
CVE-2026-22810High8.22026-05-18Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vuln…
CVE-2025-63298High8.22025-10-30A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1.0, affecting the admin/manage_website.php component. An authen…
CVE-2026-28427High7.52026-03-04OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does…
CVE-2025-67364High7.52026-01-07fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability ari…
CVE-2025-51661High7.52025-11-19A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storag…
CVE-2025-59049High7.52025-09-10Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented…
CVE-2025-48050High7.52025-05-15In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier…
CVE-2024-22079High7.52024-03-20An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.