CWE-23

Total CVEs: 146
Critical: 26
High: 76
Avg CVSS: 7.4
In CISA KEV: 1

Yearly Trend

2026: 12
2025: 69
2024: 34
2023: 11
2022: 6

Top Affected Vendors

1. Fortinet: 9
2. Microsoft: 5
3. JetBrains: 5
4. TRCore: 4
5. Dell: 3
6. QNAP: 3
7. Apache: 3
8. Rockwell Automation: 2
9. Flutter: 2
10. IBM: 2

All CWE-23 CVEs (146)

CVE-2024-24578
10.0

CVE-2024-24578 is an unauthenticated remote code execution vulnerability in RaspberryMatic/OCCU IoT operating systems. Attackers can exploit the HMIPS...

Mar 18, 2024
CVE-2025-62878
9.9

This CVE allows attackers to manipulate PersistentVolume path patterns to create volumes in arbitrary host node locations, potentially overwriting sen...

Feb 25, 2026
CVE-2025-52207
9.9

This vulnerability allows unauthenticated attackers to upload PHP scripts to arbitrary directories on MikoPBX systems, potentially leading to remote c...

Jun 27, 2025
CVE-2023-40714
9.9

This vulnerability allows attackers to perform relative path traversal in Fortinet FortiSIEM, enabling privilege escalation by uploading malicious GUI...

Apr 2, 2025
CVE-2024-3025
9.9

This path traversal vulnerability in mintplex-labs/anything-llm allows attackers to read or delete files outside the intended directory by manipulatin...

Apr 10, 2024
CVE-2023-3701
9.9

Aqua Drive version 2.4 has a relative path traversal vulnerability that allows authenticated users to access and modify other users' stored resources....

Oct 4, 2023
CVE-2024-47856
9.8

This vulnerability allows attackers to execute arbitrary code with SYSTEM privileges on Windows systems running vulnerable RSA Authentication Agent ve...

Nov 24, 2025
CVE-2025-64446
9.8 (KEV, EPSS 89%)

A relative path traversal vulnerability in Fortinet FortiWeb web application firewalls allows attackers to execute administrative commands via crafted...

Nov 14, 2025
CVE-2025-3365
9.8

CVE-2025-3365 is a path traversal vulnerability that allows attackers to access arbitrary files on vulnerable servers by manipulating file paths. This...

Jun 6, 2025
CVE-2025-23410
9.8

CVE-2025-23410 is a path traversal vulnerability in GMOD Apollo's web interface that allows attackers to write arbitrary files to the server filesyste...

Mar 5, 2025
CVE-2023-34990
9.8

This vulnerability allows attackers to perform relative path traversal attacks on Fortinet FortiWLM systems, enabling unauthorized code execution or c...

Dec 18, 2024
CVE-2024-11315
9.8

CVE-2024-11315 is a critical path traversal vulnerability in TRCore's DVC that allows unauthenticated remote attackers to upload arbitrary files to an...

Nov 18, 2024
CVE-2024-11313
9.8

CVE-2024-11313 is a critical path traversal vulnerability in TRCore's DVC that allows unauthenticated remote attackers to upload arbitrary files to an...

Nov 18, 2024
CVE-2024-11311
9.8

CVE-2024-11311 is a critical path traversal vulnerability in TRCore's DVC that allows unauthenticated remote attackers to upload arbitrary files to an...

Nov 18, 2024
CVE-2023-4897
9.8

This vulnerability allows attackers to perform relative path traversal attacks in the Anything-LLM software, enabling unauthorized access to files out...

Sep 11, 2023
CVE-2021-40870
9.8

This vulnerability allows unauthenticated attackers to upload malicious files and execute arbitrary code on Aviatrix Controller systems via path trave...

Sep 13, 2021
CVE-2020-8271
9.8

This vulnerability allows unauthenticated attackers to execute arbitrary code with root privileges on Citrix SD-WAN Center appliances. It affects orga...

Nov 16, 2020
CVE-2020-25172
9.8

CVE-2020-25172 is a critical path traversal vulnerability in B. Braun OnlineSuite that allows unauthenticated attackers to upload or download arbitrar...

Nov 6, 2020
CVE-2019-17640
9.8

CVE-2019-17640 is a path traversal vulnerability in Eclipse Vert.x's StaticHandler component on Windows systems. It allows attackers to escape the con...

Oct 15, 2020
CVE-2026-25057
9.1

This vulnerability allows instructors to achieve arbitrary file write on the server by uploading specially crafted zip files. Attackers could write ma...

Feb 9, 2026
CVE-2025-55747
9.1

XWiki Platform versions 6.1-milestone-2 through 16.10.6 expose configuration files via the webjars API, allowing attackers to access sensitive system ...

Sep 3, 2025
CVE-2024-47051
9.1

This CVE addresses two critical vulnerabilities in Mautic versions before 5.2.3: a Remote Code Execution (RCE) via asset upload that allows authentica...

Feb 26, 2025
CVE-2020-25176
9.1

CVE-2020-25176 is a directory traversal vulnerability in Rockwell Automation ISaGRAF Runtime that allows remote, unauthenticated attackers to access a...

Mar 18, 2022
CVE-2021-24035
9.1

This vulnerability allows attackers to perform path traversal attacks when WhatsApp processes ZIP archives, potentially overwriting critical WhatsApp ...

Jun 11, 2021
CVE-2020-8570
9.1

CVE-2020-8570 is a path traversal vulnerability in Kubernetes Java client libraries that allows attackers to write files outside the intended director...

Jan 21, 2021
CVE-2022-20754
9.0

This vulnerability allows authenticated attackers with read/write privileges on Cisco Expressway Series and TelePresence VCS systems to write arbitrar...

Apr 6, 2022
CVE-2025-55115
8.8

A path traversal vulnerability in Control-M/Agent allows local attackers to escalate privileges on systems running affected versions. This impacts use...

Sep 16, 2025
CVE-2024-54449
8.8

This vulnerability allows authenticated attackers with document read/write privileges to write arbitrary files to any location on the LogicalDOC serve...

Mar 14, 2025
CVE-2025-26645
8.8

This vulnerability allows attackers to exploit relative path traversal in Remote Desktop Client to execute arbitrary code remotely. It affects systems...

Mar 11, 2025
CVE-2025-23011
8.8

Fedora Repository 3.8.1 contains a path traversal vulnerability (Zip Slip) that allows authenticated attackers to upload malicious archives containing...

Jan 23, 2025
CVE-2024-20449
8.8

This vulnerability allows authenticated remote attackers with low privileges to execute arbitrary code as root on Cisco Nexus Dashboard Fabric Control...

Oct 2, 2024
CVE-2024-3497
8.8

A path traversal vulnerability in Toshiba printer web servers allows attackers to overwrite existing files or upload new ones. This affects specific T...

Jun 14, 2024
CVE-2024-35186
8.8

This vulnerability in gitoxide's gix-worktree-state allows attackers to place files anywhere writable by the application during checkout. It affects u...

May 23, 2024
CVE-2024-33615
8.8

This vulnerability allows attackers to upload specially crafted Zip files containing path traversal characters to CyberPower PowerPanel servers, enabl...

May 15, 2024
CVE-2022-41335
8.8

CVE-2022-41335 is a relative path traversal vulnerability in Fortinet products that allows authenticated attackers to read and write arbitrary fi...

Feb 16, 2023
CVE-2021-43176
8.8

This vulnerability allows attackers to execute arbitrary PHP files on GOautodial servers by manipulating the 'action' parameter in API calls. When com...

Dec 7, 2021
CVE-2021-41178
8.8

Nextcloud versions prior to 20.0.13, 21.0.5, and 22.2.0 contain a file traversal vulnerability that allows attackers to download arbitrary SVG files f...

Oct 25, 2021
CVE-2021-28798
8.8

This CVE describes a relative path traversal vulnerability in QNAP NAS devices running QTS and QuTS hero operating systems. If exploited, attackers ca...

May 21, 2021
CVE-2025-58760
8.6

CVE-2025-58760 is a path traversal vulnerability in Tautulli's /image API endpoint that allows unauthenticated attackers to read arbitrary files from ...

Sep 9, 2025
CVE-2024-49253
8.6

This CVE describes a relative path traversal vulnerability in the WordPress Analyse Uploads plugin that allows attackers to delete arbitrary files on ...

Oct 16, 2024
CVE-2020-4039
8.6

CVE-2020-4039 is a directory traversal vulnerability in SUSI.AI Server that allows attackers to read, move, or delete files accessible to the applicat...

Apr 30, 2021
CVE-2025-54317
8.4

A path traversal vulnerability in Logpoint versions before 7.6.0 allows authenticated attackers with operator privileges to create malicious Layout Te...

Jul 20, 2025
CVE-2025-33112
8.4

This vulnerability in IBM AIX and VIOS Perl implementations allows a local non-privileged user to execute arbitrary code by exploiting improper pathna...

Jun 10, 2025
CVE-2020-7861
8.4

CVE-2020-7861 is a directory traversal vulnerability in AnySupport remote support software that allows attackers to copy arbitrary files from a manage...

Apr 22, 2021
CVE-2026-2818
8.2

CVE-2026-2818 is a zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality that allows attackers to write arbitrary...

Feb 20, 2026
CVE-2026-26362
8.1

Dell Unisphere for PowerMax version 10.2 contains a relative path traversal vulnerability that allows low-privileged remote attackers to modify critic...

Feb 19, 2026
CVE-2025-66626
8.1

This vulnerability in Argo Workflows allows attackers to overwrite the argoexec file with malicious scripts via specially crafted archives containing ...

Dec 9, 2025
CVE-2025-32409
8.1

This vulnerability allows remote attackers to execute arbitrary code on Ratta SuperNote A6 X2 Nomad devices by sending specially crafted firmware imag...

Apr 7, 2025
CVE-2025-2007
8.1

This vulnerability in the Import Export Suite for CSV and XML Datafeed WordPress plugin allows authenticated attackers with Subscriber-level access or...

Apr 1, 2025
CVE-2022-21177
8.1

This path traversal vulnerability in Yokogawa's CAMS for HIS Log Server allows attackers to access arbitrary files on affected systems. It affects ind...

Mar 11, 2022

About CWE-23

Our database tracks 146 CVEs classified as CWE-23, with 26 rated critical and 76 rated high severity. The average CVSS score for CWE-23 vulnerabilities is 7.4.

External reference: CWE-23 on MITRE CWE
