Weaknesses of type CWE-23
424 resultsCVE-2023-2356CRITICALRelative Path Traversal in mlflow/mlflowEPSS 4.2%CVE-2020-5237HIGHRelative Path Traversal in oneup/uploader-bundleEPSS 3.9%CVE-2019-3943—MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authEPSS 3.7%CVE-2020-12006—Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a loEPSS 3.7%CVE-2020-8570—Kubernetes Java client libraries unvalidated path traversal in Copy implementationEPSS 3.5%CVE-2024-49062MEDIUMMicrosoft SharePoint Information Disclosure VulnerabilityEPSS 3.2%CVE-2025-26645HIGHRemote Desktop Client Remote Code Execution VulnerabilityEPSS 3.2%CVE-2022-20754CRITICALCisco Expressway Series and Cisco TelePresence Video Communication Server VulnerabilitiesEPSS 3.2%CVE-2022-20755CRITICALCisco Expressway Series and Cisco TelePresence Video Communication Server VulnerabilitiesEPSS 3.2%CVE-2020-27304—The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-baEPSS 3.1%CVE-2023-1112MEDIUMDrag and Drop Multiple File Upload Contact Form 7 admin-ajax.php path traversalEPSS 3.0%CVE-2022-2120HIGHOFFIS DCMTK Path TraversalEPSS 2.8%CVE-2017-13996—A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access toEPSS 2.8%CVE-2025-26349HIGHA CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticatEPSS 2.7%CVE-2017-9664—In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker EPSS 2.7%CVE-2019-18338HIGHA vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a direcEPSS 2.6%CVE-2012-6069CRITICAL3S CoDeSys Relative Path TraversalEPSS 2.6%CVE-2018-10615—Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prioEPSS 2.6%CVE-2025-53779HIGHWindows Kerberos Elevation of Privilege VulnerabilityEPSS 2.6%CVE-2023-38185HIGHMicrosoft Exchange Server Remote Code Execution VulnerabilityEPSS 2.6%