CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (1,995)
This CVE describes a path traversal vulnerability in Node.js 20's experimental permission model where improper Buffer handling in file system APIs all... (Aug 15, 2023)
This path traversal vulnerability in SonicWall GMS and Analytics allows authenticated attackers to extract arbitrary files from the underlying filesys... (Jul 13, 2023)
This path traversal vulnerability in Xibo CMS allows authenticated users to upload specially crafted ZIP files via the layout import function, enablin... (May 30, 2023)
This vulnerability allows authenticated remote attackers to perform directory traversal via the /be/erpc.php endpoint in Jedox, potentially leading to... (May 2, 2023)
SUNNET CTMS has a path traversal vulnerability in its file upload function that allows authenticated users to upload and execute scripts in arbitrary ... (Apr 27, 2023)
CVE-2023-1109 is a path traversal vulnerability in Phoenix Contact's ENERGY AXC PU Web service that allows authenticated users to read, write, and crea... (Apr 17, 2023)
A path traversal vulnerability in curl's SFTP implementation allows attackers to bypass path filtering by using specially crafted paths containing til... (Mar 30, 2023)
This CVE describes a Local File Inclusion vulnerability in OpenEMR's interface/forms/LBF/new.php file that allows authenticated remote attackers to ex... (Feb 22, 2023)
This vulnerability in Jenkins Deployer Framework Plugin allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins con... (Jul 27, 2022)
This vulnerability allows attackers to perform directory traversal attacks on Algo Communication Products Ltd. 8373 IP Zone Paging Adapter devices. At... (Jun 23, 2022)
CVE-2021-42643 is an arbitrary file write vulnerability in cmseasy CMS that allows attackers to write PHP script files to the web server. This can lea... (May 17, 2022)
CVE-2021-44519 is an authenticated directory traversal vulnerability in Citrix XenMobile Server that allows authenticated attackers to escape director... (Apr 19, 2022)
This vulnerability allows authenticated remote attackers with NTP GPS configuration privileges to overwrite files on pfSense systems, potentially lead... (Mar 31, 2022)
This vulnerability in WordPress File Upload plugins allows users with Contributor role or higher to perform path traversal attacks via shortcode argum... (Mar 28, 2022)
CVE-2022-25267 is a directory traversal vulnerability in Passwork On-Premise Edition that allows attackers to upload arbitrary files to any directory ... (Mar 23, 2022)
CVE-2022-26500 is a path traversal vulnerability in Veeam Backup & Replication that allows authenticated remote attackers to access internal API funct... (Mar 17, 2022)
This directory traversal vulnerability in TIBCO JasperReports products allows authenticated web server users to access files outside the intended dire... (Mar 15, 2022)
This is an authenticated path traversal vulnerability in Tiny File Manager that allows users with valid accounts to upload malicious PHP files to the ... (Mar 15, 2022)
This vulnerability allows authenticated attackers to upload malicious PHP files disguised as language files to Xerte installations, bypassing upload f... (Feb 24, 2022)
This path traversal vulnerability in Schneider Electric's C-Bus Toolkit and C-Gate Server allows attackers to write files outside intended directories... (Feb 11, 2022)
This CVE describes a PJL directory traversal vulnerability in Lexmark printers and multifunction devices that allows attackers to overwrite internal c... (Jan 20, 2022)
This vulnerability allows authenticated attackers to perform directory traversal attacks through the Web Manager File Upload functionality in Lantroni... (Dec 22, 2021)
This directory traversal vulnerability in Starcharge Nova 360 Cabinet and Titan 180 Premium products allows attackers to access arbitrary files on the... (Dec 22, 2021)
CVE-2021-41185 is a path traversal vulnerability in Mycodo environmental monitoring systems that allows attackers to download files outside intended d... (Oct 26, 2021)
This path traversal vulnerability in Juniper Networks Junos OS J-Web interface allows authenticated low-privileged users to escape directory restricti... (Oct 19, 2021)
This vulnerability allows authenticated attackers in Concrete CMS to perform path traversal attacks, leading to remote code execution by uploading PHP... (Sep 27, 2021)
CVE-2021-32814 is a directory traversal vulnerability in Skytable NoSQL database that allows remote attackers to delete or modify critical files on th... (Aug 3, 2021)
CVE-2021-37441 is a path traversal vulnerability in NCH Axon PBX that allows attackers to delete arbitrary files on the system by manipulating the log... (Jul 25, 2021)
The Include Me WordPress plugin through version 1.2.1 contains a path traversal vulnerability that allows attackers to read arbitrary files on the ser... (Jul 19, 2021)
This path traversal vulnerability in FortiMail webmail allows authenticated users to access unauthorized files and data through specially crafted web ... (Jul 12, 2021)
This vulnerability allows authenticated attackers to perform path traversal attacks via crafted HTTP POST requests in Adobe RoboHelp Server. Successfu... (Jun 28, 2021)
CVE-2021-21090 is a path traversal vulnerability in Adobe InCopy that allows remote code execution when a user opens a malicious file. Attackers can e... (Jun 28, 2021)
CVE-2021-21102 is a path traversal vulnerability in Adobe Illustrator that allows arbitrary code execution when a malicious file is opened. Attackers ... (Jun 28, 2021)
This vulnerability in IBM WebSphere Application Server Network Deployment allows authenticated remote attackers to perform directory traversal attacks... (Jun 7, 2021)
This path traversal vulnerability in Schneider Electric C-Bus Toolkit allows attackers to execute arbitrary code remotely by manipulating config file ... (Apr 13, 2021)
This path traversal vulnerability in Schneider Electric's C-Bus Toolkit allows attackers to upload malicious files to arbitrary locations on the syste... (Apr 13, 2021)
This vulnerability in Incus allows users with container launch privileges to exploit directory traversal or symbolic links in template functionality, ... (Jan 22, 2026)
CVE-2025-24960 is a path traversal vulnerability in Jellystat (a statistics app for Jellyfin) that allows authenticated admin users to delete arbitrar... (Feb 3, 2025)
This path traversal vulnerability in QNAP operating systems allows authenticated users to access files outside intended directories via network reques... (Sep 6, 2024)
This vulnerability allows authenticated attackers with Administrator-level WordPress access to delete arbitrary files on the server due to insufficien... (Aug 20, 2024)
CVE-2023-51364 is a path traversal vulnerability in multiple QNAP operating system versions that allows authenticated users to read arbitrary fil... (Apr 26, 2024)
The BackWPup WordPress plugin up to version 4.0.1 contains a directory traversal vulnerability in the Log File Folder setting. Authenticated attackers... (Jan 11, 2024)
The WPvivid WordPress plugin up to version 0.9.89 contains a directory traversal vulnerability that allows authenticated administrators to delete arbi... (Oct 20, 2023)
This vulnerability allows authenticated non-administrative users in SAP NetWeaver BI Content Add-On to exploit a directory traversal flaw to overwrite... (Jul 11, 2023)
This vulnerability allows attackers with administrative privileges to exploit a directory traversal flaw in SAP NetWeaver BI CONT ADDON reports to upl... (Apr 11, 2023)
This path traversal vulnerability in Synology WebDAV Server allows authenticated remote attackers to delete arbitrary files on the system. The vulnera... (Jul 28, 2022)
This vulnerability allows authenticated administrators with specific permissions to inject executable files via layout XML in OpenMage, a community-dr... (Jan 21, 2021)
This vulnerability allows authenticated administrators with product update permissions to upload executable files and execute them via layout XML in O... (Jan 20, 2021)
CVE-2026-28679 is a path traversal vulnerability in Home-Gallery.org that allows attackers to download sensitive system files outside the intended med... (Mar 6, 2026)
This vulnerability in NLTK allows attackers to read arbitrary files on the server through path traversal attacks in multiple CorpusReader classes. It ... (Mar 4, 2026)
About Path Traversal (CWE-22)
Our database tracks 1,995 CVEs classified as CWE-22, with 447 rated critical and 1,009 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.