Explore CVEs related to Directory Traversal vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing Directory Traversal CVEs published in 2020. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2018-19945 | A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x. | 9.1 | 1.11% | 2020-12-31 | 2026-06-16 |
| CVE-2020-35883 | An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. | 9.1 | 1.51% | 2020-12-31 | 2026-06-16 |
| CVE-2020-27534 | util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | 5.3 | 1.75% | 2020-12-30 | 2026-06-16 |
| CVE-2020-5811 | An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package. | 6.5 | 9.37% | 2020-12-30 | 2026-06-16 |
| CVE-2020-27643 | The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation. | 6.5 | 1.41% | 2020-12-29 | 2026-06-16 |
| CVE-2020-27172 | An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges. | 9.8 | 1.33% | 2020-12-28 | 2026-06-16 |
| CVE-2020-35766 | The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation. | 7.8 | 0.52% | 2020-12-28 | 2026-06-16 |
| CVE-2020-35612 | An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. | 7.5 | 1.58% | 2020-12-28 | 2026-06-16 |
| CVE-2020-35611 | An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values. | 7.5 | 1.31% | 2020-12-28 | 2026-06-16 |
| CVE-2020-35736 | GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused. | 7.5 | 15.40% | 2020-12-27 | 2026-06-16 |
| CVE-2020-35362 | DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value). | 7.5 | 1.62% | 2020-12-26 | 2026-06-16 |
| CVE-2020-35284 | Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available. | 7.5 | 1.62% | 2020-12-26 | 2026-06-16 |
| CVE-2020-35710 | Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data. | 5.3 | 1.66% | 2020-12-25 | 2026-06-16 |
| CVE-2020-35709 | bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal. | 4.9 | 1.05% | 2020-12-25 | 2026-06-16 |
| CVE-2020-28187 | Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to /include/core/index.php. | 9.8 | 16.35% | 2020-12-24 | 2026-06-16 |
| CVE-2020-2504 | If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | 5.8 | 1.02% | 2020-12-23 | 2026-06-16 |
| CVE-2020-35598 | ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623 | 7.5 | 21.00% | 2020-12-23 | 2026-06-16 |
| CVE-2020-35370 | A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server. | 8.8 | 7.47% | 2020-12-23 | 2026-06-16 |
| CVE-2020-25192 | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. | 5.3 | 0.94% | 2020-12-23 | 2026-06-16 |
| CVE-2020-35658 | SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. | 5.3 | 0.51% | 2020-12-22 | 2026-06-16 |