CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

509 matches found

WordPress WP01 - Path Traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in wp01ru WP01 allows Path Traversal. This issue affects WP01: from n/a through 2.6.2. id: CVE-2025-30567 info: name: WordPress WP01 - Path Traversal author: s4e-io severity: high description: | Improper...

7.5CVSS5.4AI score0.43807EPSS

Exploits0References3

Broadcom•added 2026/05/19 12:0 a.m.•8 views

Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection (CVE-2026-27641)

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...

9.8CVSS6.5AI score0.00226EPSS

Exploits1

Vulnrichment•added 2026/04/28 1:45 a.m.•0 views

CVE-2026-7214 eghuzefa engineer-your-data server.py file_inf path traversal

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function readfile/writefile/listfiles/fileinf of the file src/server.py. The manipulation of the argument WORKSPACEPATH leads to path traversal. The attack may be initiated remotely. The...

7.5CVSS7.1AI score0.00061EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 12:45 p.m.•5 views

CVE-2005-1450

Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact...

7.5CVSS6.9AI score0.00527EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:36 p.m.•3 views

CVE-2023-49735

UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...

7.5CVSS6.7AI score0.00567EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:43 a.m.•5 views

CVE-2010-0537

DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name...

2.6CVSS6.4AI score0.00236EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:47 a.m.•3 views

CVE-2022-31511

The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.00432EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:46 a.m.•4 views

CVE-2022-31538

The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.00432EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:51 a.m.•7 views

CVE-2020-10977

GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects...

5.5CVSS6.5AI score0.04767EPSS

Exploits10References1

RedhatCVE•added 2026/01/09 9:16 a.m.•11 views

CVE-2025-40573

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0 HF0. Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder...

6.7CVSS6AI score0.00129EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:59 a.m.•3 views

CVE-2023-49753

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion.This issue affects Adifier System: from n/a before 3.1.4...

7.5CVSS6.8AI score0.00826EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:54 a.m.•5 views

CVE-2021-41242

OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...

8.1CVSS6.7AI score0.00788EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:44 a.m.•4 views

CVE-2022-23854

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server...

7.5CVSS6.7AI score0.92182EPSS

Exploits5References1

RedhatCVE•added 2026/01/07 9:18 a.m.•10 views

CVE-2025-1973

The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the downloadfile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrar...

4.9CVSS6.8AI score0.0018EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:9 a.m.•6 views

CVE-2024-2362

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of...

9.1CVSS9.1AI score0.01907EPSS

Exploits1References1