CWE-22: Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.

Total CVEs: 1,987
Critical: 446
High: 1,002
Avg CVSS: 7.6
In CISA KEV: 4

Yearly Trend

2026: 231
2025: 685
2024: 481
2023: 231
2022: 165

Top Affected Vendors

1 Apple 26
2 Qnap 21
3 Ivanti 18
4 Fortinet 16
5 Samsung 16
6 Solarwinds 16
7 Fedoraproject 16
8 Siemens 15
9 Adobe 15
10 Debian 13

All Path Traversal CVEs (1,987)

CVE-2025-69770
10.0

This zip slip vulnerability in MojoPortal CMS allows attackers to upload malicious zip files that extract to arbitrary locations on the server, potent...

Feb 13, 2026
CVE-2025-64075
10.0

A path traversal vulnerability in the ZBT WE2001 router's check_token function allows remote attackers to bypass authentication by manipulating sessio...

Feb 11, 2026
CVE-2026-24897
10.0

CVE-2026-24897 is a critical path traversal vulnerability in Erugo file-sharing platform that allows authenticated low-privileged users to upload arbi...

Jan 28, 2026
CVE-2025-58321
10.0

Delta Electronics DIALink has a directory traversal authentication bypass vulnerability that allows attackers to access restricted files and bypass au...

Sep 11, 2025
CVE-2025-54261
10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted directories and execute arbitrary code on affecte...

Sep 9, 2025
CVE-2025-52562
10.0

This is a critical directory traversal vulnerability in Convoy KVM server management panel that allows unauthenticated remote attackers to include and...

Jun 23, 2025
CVE-2025-26615
10.0

A path traversal vulnerability in WeGIA's examples.php endpoint allows attackers to read the config.php file, which contains database credentials. Thi...

Feb 18, 2025
CVE-2024-43955
10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that allows attackers to download or delete arbitrary ...

Aug 29, 2024
CVE-2024-40628
10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery container, which runs with root privileges and data...

Jul 18, 2024
CVE-2024-37902
10.0

This vulnerability in DeepJavaLibrary (DJL) allows attackers to overwrite system files by exploiting improper path validation when extracting archived...

Jun 17, 2024
CVE-2024-2227
10.0

This vulnerability allows attackers to access arbitrary files on the application server file system through a path traversal flaw in JavaServer Faces ...

Mar 22, 2024
CVE-2024-23652
10.0

This vulnerability in BuildKit allows malicious Dockerfiles or BuildKit frontends using RUN --mount to delete arbitrary files on the host system. It a...

Jan 31, 2024
CVE-2023-26045
10.0

This vulnerability in NodeBB forum software allows attackers to execute arbitrary JavaScript files on the server through a path traversal attack combi...

Jul 24, 2023
CVE-2023-2825
10.0

CVE-2023-2825 is a critical path traversal vulnerability in GitLab CE/EE version 16.0.0 that allows unauthenticated attackers to read arbitrary files ...

May 26, 2023
CVE-2020-29495
10.0

CVE-2020-29495 is a critical OS command injection vulnerability in Dell EMC Avamar Server's Fitness Analyzer component. Remote unauthenticated attacke...

Jan 14, 2021
CVE-2026-24849
9.9

CVE-2026-24849 is an arbitrary file read vulnerability in OpenEMR's EtherFaxActions.php. Any authenticated user, regardless of privilege level, can ex...

Feb 25, 2026
CVE-2026-25592
9.9

CVE-2026-25592 is an arbitrary file write vulnerability in Microsoft's Semantic Kernel .NET SDK that allows attackers to write files to arbitrary loca...

Feb 6, 2026
CVE-2026-0963
9.9

An input neutralization vulnerability in Crafty Controller's File Operations API Endpoint allows authenticated attackers to perform path traversal att...

Jan 30, 2026
CVE-2025-54347
9.9

A directory traversal vulnerability in Desktop Alert PingAlert Application Server versions 6.1.0.11 to 6.1.1.2 allows attackers to write arbitrary fil...

Nov 24, 2025
CVE-2025-61913
9.9

This vulnerability in Flowise allows authenticated attackers to read and write arbitrary files anywhere on the file system due to insufficient path re...

Oct 8, 2025
CVE-2025-30841
9.9

This path traversal vulnerability in the Countdown & Clock WordPress plugin allows attackers to include arbitrary files from the server, potentially l...

Apr 1, 2025
CVE-2025-20051
9.9

This vulnerability in Mattermost Boards allows authenticated users to read arbitrary files on the server by duplicating specially crafted blocks. It a...

Feb 24, 2025
CVE-2025-25279
EPSS 29.3% 9.9

This vulnerability in Mattermost Boards allows attackers to read arbitrary files on the server by importing specially crafted board archives. It affec...

Feb 24, 2025
CVE-2024-33109
9.9

This critical vulnerability allows attackers to perform directory traversal attacks through the ringtone upload function in Tiptel IP 286 phones. Atta...

Sep 19, 2024
CVE-2024-3980
9.9

CVE-2024-3980 is a path traversal vulnerability in MicroSCADA Pro/X SYS600 that allows authenticated users to manipulate file paths, potentially acces...

Aug 27, 2024
CVE-2024-34762
9.9

This vulnerability allows attackers with contributor-level access to WordPress sites to perform path traversal attacks, leading to local file inclusio...

Jun 10, 2024
CVE-2024-4701
9.9

A path traversal vulnerability in Genie allows attackers to access files outside intended directories, potentially leading to remote code execution. A...

May 14, 2024
CVE-2024-25693
9.9

This path traversal vulnerability in Esri Portal for ArcGIS allows authenticated attackers to access files outside intended directories, potentially l...

Apr 4, 2024
CVE-2024-27102
9.9

This vulnerability in Pterodactyl Wings allows authenticated attackers with server access to read files outside their allocated sandbox directory, pot...

Mar 13, 2024
CVE-2023-6825
9.9

This vulnerability in File Manager and File Manager Pro WordPress plugins allows directory traversal attacks via the target parameter. Attackers can r...

Mar 13, 2024
CVE-2024-0402
9.9

This critical vulnerability in GitLab allows authenticated users to write files to arbitrary locations on the server while creating a workspace, enabl...

Jan 26, 2024
CVE-2023-41373
9.9

This CVE describes a directory traversal vulnerability in the BIG-IP Configuration Utility that allows authenticated attackers to execute arbitrary co...

Oct 10, 2023
CVE-2023-42657
9.9

A directory traversal vulnerability in WS_FTP Server allows attackers to perform file operations (delete, rename, create, remove) outside their author...

Sep 27, 2023
CVE-2023-38702
9.9

This vulnerability allows authenticated users with low privileges to upload malicious JSP files to the Knowage server via an unauthorized endpoint, le...

Aug 4, 2023
CVE-2022-24877
9.9

This path traversal vulnerability in Flux's kustomize-controller allows attackers to read sensitive files from the controller's pod filesystem by expl...

May 6, 2022
CVE-2022-24900
9.9

CVE-2022-24900 is a critical path traversal vulnerability in Piano LED Visualizer software versions 1.3 and earlier. It allows attackers to read arbit...

Apr 29, 2022
CVE-2021-32008
9.9

This vulnerability allows authenticated GateManager administrators to delete system files or directories through improper pathname restrictions. It af...

Mar 4, 2022
CVE-2021-40358
9.9

This is a critical path traversal vulnerability (CWE-22) in Siemens SIMATIC PCS 7 and WinCC systems that allows attackers to bypass directory restrict...

Nov 9, 2021
CVE-2021-38163
9.9

CVE-2021-38163 is a critical vulnerability in SAP NetWeaver Visual Composer that allows authenticated non-administrative users to upload malicious fil...

Sep 14, 2021
CVE-2021-32016
9.9

This vulnerability in JUMP AMS allows attackers to write arbitrary files to any location on the filesystem via directory traversal in a SOAP endpoint....

Aug 3, 2021
CVE-2026-25785
9.8

A path traversal vulnerability in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server allows attackers to access arbitrary files outside intend...

Feb 25, 2026
CVE-2025-69874
9.8

CVE-2025-69874 is a critical path traversal vulnerability in nanotar that allows attackers to write arbitrary files outside the intended extraction di...

Feb 11, 2026
CVE-2026-25895
9.8

CVE-2026-25895 is a path traversal vulnerability in FUXA web-based SCADA/HMI software that allows unauthenticated remote attackers to write arbitrary ...

Feb 9, 2026
CVE-2025-64712
9.8

A path traversal vulnerability in the unstructured library's partition_msg function allows attackers to write or overwrite arbitrary files on the file...

Feb 4, 2026
CVE-2025-66480
9.8

This CVE describes a critical path traversal vulnerability in Wildfire IM's file upload functionality that allows attackers to write arbitrary files a...

Feb 2, 2026
CVE-2026-24770
9.8

CVE-2026-24770 is a critical Zip Slip vulnerability in RAGFlow's MinerU parser that allows attackers to overwrite arbitrary files on the server via ma...

Jan 27, 2026
CVE-2026-24479
9.8

This vulnerability allows attackers to achieve remote code execution by uploading malicious ZIP archives containing path traversal sequences. The flaw...

Jan 27, 2026
CVE-2025-14301
9.8

This vulnerability in the Integration Opvius AI for WooCommerce WordPress plugin allows unauthenticated attackers to perform path traversal attacks. A...

Jan 14, 2026
CVE-2025-68705
9.8

CVE-2025-68705 is a path traversal vulnerability in RustFS's /rustfs/rpc/read_file_stream endpoint that allows attackers to read arbitrary files on th...

Jan 7, 2026
CVE-2022-50796
9.8

This vulnerability allows unauthenticated attackers to execute arbitrary code on SOUND4 IMPACT/FIRST/PULSE/Eco systems by exploiting a path traversal ...

Dec 30, 2025

About Path Traversal (CWE-22)

Our database tracks 1,987 CVEs classified as CWE-22, with 446 rated critical and 1,002 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.6.
