Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers
Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted
Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability ex
Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary f
A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory.
In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitr
Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An a
A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary file
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could res
CVE-2026-3179
CRITICAL CVSS 9.2
Find Similar
The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path tra
Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' seque
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution
CVE-2026-7302
CRITICAL CVSS 9.1
Find Similar
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by i
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequ
An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow
An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination dir
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpect
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloa