Weaknesses of type CWE-27

27 results
CVE-2024-23897 | CRITICAL | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character follo | EPSS 100.0% | KEV
CVE-2024-24809 | HIGH | Traccar vulnerable to Path Traversal: 'dir/../../filename' and Unrestricted Upload of File with Dangerous Type | EPSS 54.4%
CVE-2023-34125 | - | Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem wi | EPSS 22.7%
CVE-2022-24785 | HIGH | Path Traversal in Moment.js | EPSS 5.7%
CVE-2023-50254 | CRITICAL | Deepin Reader RCE vulnerability due to a design flaw | EPSS 2.1%
CVE-2021-35027 | HIGH | A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access | EPSS 2.0%
CVE-2023-27588 | HIGH | Unauthenticated path traversal vulnerability in Hasura GraphQL Engine | EPSS 1.3%
CVE-2024-21896 | HIGH | The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is | EPSS 1.3%
CVE-2023-52076 | HIGH | Remote Code Execution Vulnerability in Atril's EPUB ebook parsing | EPSS 1.0%
CVE-2024-27764 | CRITICAL | An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. | EPSS 1.0%
CVE-2023-20129 | MEDIUM | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities | EPSS 0.9%
CVE-2023-20127 | MEDIUM | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities | EPSS 0.9%
CVE-2025-66518 | HIGH | Apache Kyuubi: Unauthorized directory access due to missing path normalization | EPSS 0.9%
CVE-2024-7458 | MEDIUM | elunez eladmin Database Management/Deployment Management upload path traversal | EPSS 0.8%
CVE-2024-51747 | CRITICAL | Arbitrary File Read and Delete in kanboard | EPSS 0.8%
CVE-2024-20348 | HIGH | A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauth | EPSS 0.8%
CVE-2025-58761 | HIGH | Tautulli vulnerable to Unauthenticated Path Traversal in `real_pms_image_proxy` | EPSS 0.6%
CVE-2026-24457 | CRITICAL | An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation | EPSS 0.6%
CVE-2024-25828 | MEDIUM | cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. | EPSS 0.6%
CVE-2023-20131 | MEDIUM | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities | EPSS 0.6%