Vulnerabilities in traccar
16 resultsCVE-2024-24809HIGHTraccar vulnerable to Path Traversal: 'dir/../../filename' and Unrestricted Upload of File with Dangerous TypeEPSS 54.4%CVE-2024-31214CRITICALTraccar's unrestricted file upload vulnerability in device image upload could lead to remote code executionEPSS 17.6%CVE-2025-61666HIGHTraccar Unauthenticated Local File Inclusion on Windows - Leakage of Traccar Config FileEPSS 1.2%CVE-2020-5246HIGHLDAP injection vulnerability in Traccar GPS Tracking SystemEPSS 0.9%CVE-2023-50729HIGHAn unrestricted file upload vulnerability in traccar leads to RCEEPSS 0.6%CVE-2025-68930HIGHTraccar Missing Origin Validation in WebSocketsEPSS 0.5%CVE-2024-7746CRITICALUse of default credentials at Traccar fleet management solutionEPSS 0.5%CVE-2021-21292MEDIUMUnquoted Windows binary path in TraccarEPSS 0.4%CVE-2026-48745CRITICALTraccar Client: silent configuration hijack via unverified deep link redirects all GPS telemetryEPSS 0.3%CVE-2026-23521MEDIUMTraccar vulnerable to Path Traversal and External Control of File Name or PathEPSS 0.3%CVE-2026-25648HIGHTraccar Vulnerable to Stored Cross-Site Scripting (XSS) via Malicious SVG File UploadEPSS 0.3%CVE-2026-27644MEDIUMtraccar allows CSV formula injection via exported position dataEPSS 0.2%CVE-2026-44314MEDIUMTraccar: Missing edit authorization on device image upload allows read-only users to write filesEPSS 0.2%CVE-2026-27693MEDIUMtraccar allows XML injection in KML and GPX exportsEPSS 0.2%CVE-2026-27694MEDIUMtraccar allows stored HTML injection in notification emailsEPSS 0.2%CVE-2026-25649HIGHTraccar Vulnerable to Authorization Code Theft via Open Redirect in OIDC Provider EndpointsEPSS 0.1%