CVE List – Find High-Risk & Exploited Vulnerabilities ATT&CK Technique:Defense Evasion / Relative Path Traversal

MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.

Showing 120 (more results available)
«« First « Prev Page 1 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-56196 Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network. 8.8 N/A 2026-07-14 2026-07-14
CVE-2026-50454 Relative path traversal in Windows User Interface Core allows an authorized attacker to elevate privileges locally. 7.8 N/A 2026-07-14 2026-07-14
CVE-2026-50426 Relative path traversal in DNS Server allows an authorized attacker to execute code over an adjacent network. 6.8 N/A 2026-07-14 2026-07-14
CVE-2026-50663 Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network. 8.8 N/A 2026-07-14 2026-07-14
CVE-2026-40400 Relative path traversal in Windows PowerShell allows an authorized attacker to execute code over a network. 8.0 N/A 2026-07-14 2026-07-14
CVE-2026-14903 Path traversal in Ivanti  Xtraction before version 2026.2.1 allows a remote authenticated attacker to read arbitrary files outside the web root. 7.7 N/A 2026-07-14 2026-07-14
CVE-2026-55474 Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary files accessible to the web server process. This issue is fixed in version 8.5.0. 7.1 0.33% 2026-07-10 2026-07-10
CVE-2026-59792 In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible 9.6 0.42% 2026-07-10 2026-07-14
CVE-2026-50181 Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's `ReadFileTool` and `WriteFileTool` appear to treat `curr_dir` as the intended working-directory boundary for file operations. However, the tools only change the process working directory to `curr_dir` and then operate on the user-supplied `file_path` without resolving and enforcing that the final path remains inside `curr_dir`. As a result, a tool caller can supply path traversal s 7.1 0.18% 2026-07-09 2026-07-13
CVE-2026-59832 SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticated request such as /snippets/%2e%2e/%2e%2e/conf/conf.json to read workspace secrets and the document database. This issue is fixed in versions 3.7.1. 7.7 0.32% 2026-07-09 2026-07-10
CVE-2026-59149 Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath embeds request data is confined by getSafeFilePath in packages/commons-server/src/libs/server/server.ts with resolvedPath.startsWith(staticBaseDir). That prefix test has no path-separator boundary, so a ../-escaped path whose absolute form string-prefixes the base directory passes, allowing an unauthenticated client to read files from sibling paths outside the served directory through HTTP sendFile, 6.5 0.33% 2026-07-09 2026-07-10
CVE-2026-61343 LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0. 8.6 0.84% 2026-07-09 2026-07-09
CVE-2026-8650 Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3. 4.5 0.36% 2026-07-08 2026-07-09
CVE-2026-59996 scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations. 4.2 0.20% 2026-07-07 2026-07-09
CVE-2026-59995 sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server. 4.2 0.20% 2026-07-07 2026-07-09
CVE-2026-14476 A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass. 8.0 0.50% 2026-07-07 2026-07-07
CVE-2026-57871 Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3. 7.1 0.36% 2026-07-07 2026-07-07
CVE-2025-53829 ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive a patch. 8.0 0.34% 2026-07-06 2026-07-08
CVE-2026-58522 Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally. 6.8 0.29% 2026-07-03 2026-07-07
CVE-2026-57988 Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. 7.1 0.54% 2026-07-03 2026-07-07
«« First « Prev Page 1 / 2 Next »
cvelogic Threat Intelligence