CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (1,995)
Feb 25, 2025: LocalSend versions before 1.17.0 have a path traversal vulnerability in file upload endpoints that allows attackers to write files to arbitrary locati...
Jan 8, 2025: CVE-2025-22130 is a path traversal vulnerability in Soft Serve Git server that allows non-admin users to access and take over other users' repositorie...
Dec 12, 2024: This vulnerability in python-libarchive allows attackers to perform directory traversal attacks when extracting ZIP archives, potentially writing file...
Nov 15, 2024: This directory traversal vulnerability in Gogs allows attackers to read, write, or delete arbitrary files on the server by manipulating file paths in ...
Oct 25, 2024: This vulnerability allows attackers to upload malicious files to MangoOS and Mango API systems, potentially leading to remote code execution. It affec...
Oct 22, 2024: This vulnerability allows authenticated attackers to read arbitrary files on Pandora FMS servers through the plugin edition feature. It affects Pandor...
Sep 27, 2024: A directory traversal vulnerability in Plasmoapp RPShare Fabric mod v1.0.0 allows remote attackers to read arbitrary files on the server by manipulati...
Sep 27, 2024: This vulnerability allows authenticated WordPress users with Contributor-level access or higher to perform Local File Inclusion attacks in the Eventin...
Aug 16, 2024: The JetElements WordPress plugin contains a Local File Inclusion vulnerability that allows authenticated attackers with Contributor-level access or hi...
Aug 16, 2024: The JetTabs for Elementor WordPress plugin contains a Local File Inclusion vulnerability that allows authenticated attackers with Contributor-level ac...
Aug 12, 2024: This vulnerability allows attackers to write arbitrary files with system-level privileges on Samsung MagicINFO 9 Server by exploiting improper pathnam...
Aug 7, 2024: This CVE describes a path traversal vulnerability that allows attackers to upload malicious files to arbitrary locations on the web server's filesyste...
Aug 6, 2024: The WPBakery Visual Composer plugin for WordPress has a Local File Inclusion vulnerability that allows authenticated attackers with Author-level permi...
Jun 14, 2024: This directory traversal vulnerability in Mgt-commerce CloudPanel allows authenticated attackers to read arbitrary files and execute code via the serv...
Jun 6, 2024: A path traversal vulnerability in ONNX framework's download_model_with_test_data function allows attackers to overwrite arbitrary system files via mal...
Jun 6, 2024: This CVE allows remote code execution in MLflow versions before 2.9.0 due to command injection vulnerability. Attackers can manipulate file paths when...
Jun 6, 2024: This vulnerability allows authenticated remote attackers to execute arbitrary code with SYSTEM privileges on NETGEAR ProSAFE Network Management System...
Jun 6, 2024: The Cowidgets – Elementor Addons WordPress plugin contains a Local File Inclusion vulnerability in all versions up to 1.1.1. Authenticated attackers...
May 31, 2024: This vulnerability in Ollama allows attackers to bypass path validation when retrieving model files, potentially leading to arbitrary file read or rem...
May 23, 2024: CVE-2024-34060 is an arbitrary file write vulnerability in IrisEVTXModule that allows attackers to write malicious files to the server during EVTX fil...
May 3, 2024: This vulnerability in Honeywell Saia PG5 Controls Suite allows remote attackers to execute arbitrary code by exploiting a directory traversal flaw in ...
May 3, 2024: This vulnerability in Honeywell Saia PG5 Controls Suite allows remote attackers to execute arbitrary code by tricking users into opening malicious CAB...
May 3, 2024: This vulnerability allows remote attackers to execute arbitrary code on Inductive Automation Ignition installations by exploiting a directory traversa...
May 3, 2024: This vulnerability in A10 Thunder ADC allows authenticated remote attackers to read and delete arbitrary files on the system through directory travers...
May 3, 2024: This vulnerability in NETGEAR ProSAFE Network Management System allows authenticated attackers to bypass authentication and execute arbitrary code wit...
May 3, 2024: Delta Electronics DIAEnergie software has a path traversal vulnerability that allows attackers to write files outside intended directories, potentiall...
Apr 23, 2024: CVE-2024-32258 is a path traversal vulnerability in fceux 2.7.0's network server that allows unauthenticated attackers to overwrite arbitrary files on...
Apr 19, 2024: This path traversal vulnerability in Ivanti Avalanche's web component allows authenticated remote attackers to execute arbitrary commands with SYSTEM ...
Apr 19, 2024: This path traversal vulnerability in Ivanti Avalanche's web component allows authenticated remote attackers to execute arbitrary commands with SYSTEM ...
Apr 19, 2024: This path traversal vulnerability in Ivanti Avalanche allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges. It a...
Apr 19, 2024: This path traversal vulnerability in Ivanti Avalanche allows authenticated remote attackers to execute arbitrary commands with SYSTEM privileges. It a...
Apr 9, 2024: This vulnerability in the HT Mega plugin for WordPress allows authenticated attackers with contributor-level access or higher to perform directory tra...
Mar 21, 2024: Grav CMS versions before 1.7.45 contain a file upload path traversal vulnerability that allows attackers to upload malicious files to arbitrary locati...
Mar 19, 2024: This is a high-severity path traversal vulnerability (CWE-22) in Confluence Data Center and Server that allows unauthenticated attackers to access or ...
Mar 19, 2024: A directory traversal vulnerability in Devan-Kerman ARRP v0.8.1 and earlier allows remote attackers to execute arbitrary code via the dumpDirect funct...
Mar 18, 2024: CVE-2024-27771 is a path traversal vulnerability in Unitronics Unistream Unilogic software that could allow remote code execution. Attackers can explo...
Mar 13, 2024: The Elementor Addon Elements WordPress plugin has a directory traversal vulnerability in its render function. Authenticated attackers with contributor...
Feb 20, 2024: This vulnerability allows attackers to bypass Node.js's experimental permission model by overwriting built-in path normalization functions, enabling p...
Feb 6, 2024: CVE-2024-22514 is a path traversal vulnerability in iSpyConnect.com Agent DVR that allows attackers to execute arbitrary files by restoring a maliciou...
Feb 2, 2024: This CVE describes a directory traversal vulnerability in Kihron ServerRPExposer v1.0.2 and earlier that allows remote attackers to execute arbitrary ...
Feb 1, 2024: CVE-2024-21852 is a Zip Slip vulnerability in Rapid SCADA that allows attackers to upload malicious configuration files during unpacking, leading to a...
Jan 22, 2024: This CVE describes an improper path traversal vulnerability in Dremio that allows authenticated users with limited folder access to bypass authorizati...
Jan 16, 2024: The WooCommerce Currency Switcher FOX WordPress plugin before version 1.3.7 contains a Local File Inclusion (LFI) vulnerability via the 'woocs' shortc...
Jan 3, 2024: CVE-2023-45722 is a path traversal vulnerability in HCL DRYiCE MyXalytics that allows attackers to read arbitrary files on the system by manipulating ...
Dec 13, 2023: This path traversal vulnerability in MLflow allows attackers to read arbitrary files on the server by manipulating file paths in requests. It affects ...
Oct 25, 2023: This vulnerability allows authenticated attackers to upload arbitrary files, including ASP/ASPX web shells, to the web root directory of IDAttend's ID...
Oct 25, 2023: This vulnerability allows authenticated remote attackers to upload arbitrary files to any location on the AgeVolt Portal server through directory trav...
Sep 29, 2023: This vulnerability in Cambium Enterprise Wi-Fi System Software allows attackers to execute arbitrary commands on affected devices by exploiting improp...
Sep 25, 2023: This CVE describes a directory traversal vulnerability in itechyou dreamer CMS v4.1.3 that allows remote attackers to execute arbitrary code by manipu...
Sep 5, 2023: This path traversal vulnerability in SHIRASAGI CMS allows authenticated attackers to manipulate server files by exploiting improper path validation. A...
About Path Traversal (CWE-22)
Our database tracks 1,995 CVEs classified as CWE-22, with 447 rated critical and 1,009 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.
External reference: CWE-22 on MITRE CWE