Security Risk Category
path-traversal Security Risks
Published vulnerability pages connected to path-traversal. One risk can appear in multiple categories while keeping one canonical page.
path-traversal risks
Showing 3 of 3 published risks.
mcp-text-editor Path Traversal Vulnerability
A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function _validate_file_path of the file mcp_text_editor/text_editor.py. Such manipulation of the argument file_path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor closed the GitHub issue for this vulnerability without any explanation.
Updated Jul 10, 2026
BOSH CLI blobs.yml Path Traversal Vulnerability
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4.
Updated Jul 10, 2026
Bit Form WordPress Plugin Arbitrary File Deletion Vulnerability
The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config).
Updated Jul 10, 2026
