CWE-24
111 CVEs classified under CWE-24. Browse by severity and year.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-39813 | Critical | 9.8 | 2026-04-14 | A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of… |
| CVE-2022-38129 | Critical | 9.8 | 2022-08-10 | A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (S… |
| CVE-2025-61318 | Critical | 9.1 | 2025-12-08 | Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php componen… |
| CVE-2023-6699 | Critical | 9.1 | 2024-01-11 | The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the… |
| CVE-2025-54769 | High | 8.8 | 2025-07-29 | An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This ca… |
| CVE-2025-53513 | High | 8.8 | 2025-07-08 | The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Upload… |
| CVE-2024-23657 | High | 8.8 | 2024-08-05 | Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the `getTex… |
| CVE-2021-33036 | High | 8.8 | 2022-06-15 | In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary co… |
| CVE-2025-60344 | High | 8.6 | 2025-10-21 | A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used f… |
| CVE-2026-40318 | High | 8.5 | 2026-04-16 | SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesys… |
| CVE-2023-52076 | High | 8.5 | 2024-01-25 | Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists… |
| CVE-2023-53691 | High | 8.3 | 2025-10-22 | Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as… |
| CVE-2026-22810 | High | 8.2 | 2026-05-18 | Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vuln… |
| CVE-2025-63298 | High | 8.2 | 2025-10-30 | A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1.0, affecting the admin/manage_website.php component. An authen… |
| CVE-2026-28427 | High | 7.5 | 2026-03-04 | OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does… |
| CVE-2025-67364 | High | 7.5 | 2026-01-07 | fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability ari… |
| CVE-2025-51661 | High | 7.5 | 2025-11-19 | A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storag… |
| CVE-2025-59049 | High | 7.5 | 2025-09-10 | Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented… |
| CVE-2025-48050 | High | 7.5 | 2025-05-15 | In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier… |
| CVE-2024-22079 | High | 7.5 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism. |