Threat Feed

Tag

Directory-Traversal

8 briefs
high threat

Softneta MedDream PACS Server Premium Directory Traversal Vulnerability (CVE-2018-25374)

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability, tracked as CVE-2018-25374, allowing unauthenticated attackers to read arbitrary files by manipulating the path parameter in requests to nocache.php.

MedDream PACS Server Premium 6.7.1.1 directory-traversal web-application CVE-2018-25374
critical advisory

Algernon handler.lua Discovery Leads to Remote Code Execution

Algernon is vulnerable to remote code execution due to unbounded upward directory traversal when searching for `handler.lua`, allowing attackers with write access to parent directories to execute arbitrary code.

Algernon rce directory-traversal
high advisory

WordPress Anti-Malware Security and Bruteforce Firewall Directory Traversal Vulnerability

WordPress Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability (CVE-2021-47977) that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter in requests to admin-ajax.php.

Anti-Malware Security and Bruteforce Firewall 4.20.59 directory-traversal wordpress plugin cve-2021-47977
medium advisory

Joomla com_fabrik Directory Traversal Vulnerability (CVE-2020-37219)

Joomla com_fabrik 3.9.11 is vulnerable to a directory traversal attack (CVE-2020-37219) where an unauthenticated attacker can list arbitrary files by manipulating the folder parameter in a GET request to the onAjax_files method, using path traversal sequences to access system directories outside the web root.

com_fabrik 3.9.11 directory-traversal web-application joomla
high advisory

OpenClaw Arbitrary Directory Deletion Vulnerability

OpenClaw before 2026.4.2 is vulnerable to arbitrary directory deletion in mirror mode, enabling attackers to delete remote directories by manipulating remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values.

OpenClaw cve-2026-41383 directory-traversal file-deletion
critical advisory

compressing npm Package Symlink Bypass Vulnerability

A vulnerability in the `compressing` npm package (<=v2.1.0) allows for arbitrary file overwrite via symlink path traversal, bypassing a previous patch for CVE-2026-24884.

npm supply-chain symlink directory-traversal privilege-escalation arbitrary-file-overwrite
medium advisory

LORIS Directory Traversal Vulnerability

LORIS, a neuroimaging research data management web application, is vulnerable to directory traversal (CVE-2026-35446) due to an incorrect order of operations in the FilesDownloadHandler, allowing authenticated attackers to access unauthorized files.

directory-traversal web-application neuroimaging
critical advisory

SiYuan Note Taking Application Directory Traversal Vulnerability

The SiYuan note-taking application is vulnerable to directory traversal via the /api/file/readDir endpoint, which does not require authentication, allowing an attacker to enumerate the directory structure and retrieve file names, potentially leading to arbitrary document reading.

directory-traversal siyuan cve-2026-33670