CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,002)
This path traversal vulnerability in Synology WebDAV Server allows authenticated remote attackers to delete arbitrary files on the system. The vulnera...
Jul 28, 2022
This vulnerability allows authenticated administrators with specific permissions to inject executable files via layout XML in OpenMage, a community-dr...
Jan 21, 2021
This vulnerability allows authenticated administrators with product update permissions to upload executable files and execute them via layout XML in O...
Jan 20, 2021
CVE-2026-28679 is a path traversal vulnerability in Home-Gallery.org that allows attackers to download sensitive system files outside the intended med...
Mar 6, 2026
This vulnerability in NLTK allows attackers to read arbitrary files on the server through path traversal attacks in multiple CorpusReader classes. It ...
Mar 4, 2026
ImageMagick's path security policy enforcement occurs before filesystem path resolution, allowing path traversal attacks to bypass policy rules like '...
Feb 24, 2026
This path traversal vulnerability in the WordPress 'Upload Files Anywhere' plugin allows attackers to delete arbitrary files on the server. It affects...
Feb 20, 2026
Calibre e-book manager versions before 9.2.0 contain a path traversal vulnerability in the CHM reader that allows attackers to write arbitrary files a...
Feb 6, 2026
Python-Multipart versions before 0.0.22 contain a path traversal vulnerability when configured with UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. Attacker...
Jan 27, 2026
This CVE describes a path traversal vulnerability in the Harmonic Design HDForms WordPress plugin, allowing attackers to delete arbitrary files on the...
Jan 22, 2026
This path traversal vulnerability in the Anona WordPress theme allows attackers to delete arbitrary files on affected systems. It affects all WordPres...
Jan 22, 2026
This path traversal vulnerability in the ovatheme Movie Booking WordPress plugin allows attackers to delete arbitrary files on the server. It affects ...
Jan 22, 2026
CVE-2026-23949 is a Zip Slip path traversal vulnerability in jaraco.context's tarball() function that allows attackers to extract files outside the in...
Jan 20, 2026
This vulnerability in Nero BackItUp allows arbitrary code execution when a user clicks on a crafted entry in the software's interface. Attackers can e...
Nov 14, 2025
CVE-2025-27222 is a path traversal vulnerability in TRUfusion Enterprise's /trufusionPortal/getCobrandingData endpoint that allows attackers to read a...
Oct 27, 2025
This path traversal vulnerability in Saysis Web Portal allows attackers to access files outside the intended directory by manipulating file paths. It ...
Sep 25, 2025
This path traversal vulnerability in the BuddyPress XProfile Custom Image Field WordPress plugin allows attackers to delete arbitrary files on the ser...
Aug 20, 2025
This path traversal vulnerability in FW Gallery WordPress plugin allows attackers to delete arbitrary files on the server by manipulating file paths. ...
Jun 17, 2025
This path traversal vulnerability in the Opal Woo Custom Product Variation WordPress plugin allows attackers to delete arbitrary files on the server. ...
May 23, 2025
This path traversal vulnerability in the Drag and Drop File Upload for Elementor Forms WordPress plugin allows attackers to delete arbitrary files on ...
May 23, 2025
This path traversal vulnerability in the neoslab Database Toolset WordPress plugin allows attackers to delete arbitrary files on the server. It affect...
Apr 11, 2025
This path traversal vulnerability in Oxygen MyData for WooCommerce allows attackers to delete arbitrary files on the server by manipulating file paths...
Apr 11, 2025
The SENTRON 7KT PAC1260 Data Manager contains a path traversal vulnerability in its web interface that allows unauthenticated attackers to read arbitr...
Apr 8, 2025
YesWiki versions before 4.5.2 contain a path traversal vulnerability in the squelette parameter that allows attackers to read arbitrary files on the s...
Apr 1, 2025
This path traversal vulnerability in the PluginPass WordPress plugin allows attackers to manipulate web input to access or delete arbitrary files on t...
Mar 28, 2025
This path traversal vulnerability in the Helloprint WordPress plugin allows attackers to delete arbitrary files on the server. It affects all WordPres...
Mar 3, 2025
This path traversal vulnerability in VideoWhisper Live Streaming Integration allows attackers to delete arbitrary files on affected WordPress sites. A...
Feb 25, 2025
This path traversal vulnerability in the Paid Videochat Turnkey Site WordPress plugin allows attackers to delete arbitrary files on affected systems. ...
Feb 18, 2025
CVE-2025-25243 is an unauthenticated arbitrary file download vulnerability in SAP Supplier Relationship Management's Master Data Management Catalog. A...
Feb 11, 2025
This path traversal vulnerability in the Global Gateway e4 | Payeezy Gateway WordPress plugin allows attackers to delete arbitrary files on the server...
Nov 14, 2024
This vulnerability in changedetection.io allows attackers to read arbitrary files on the system when webdriver is enabled and ALLOW_FILE_URI is false ...
Nov 8, 2024
This path traversal vulnerability in the Woocommerce Product Design WordPress plugin allows attackers to delete arbitrary files on the server. It affe...
Oct 30, 2024
This path traversal vulnerability in CodeFlock's FREE DOWNLOAD MANAGER WordPress plugin allows attackers to delete arbitrary files on the server. It a...
Oct 17, 2024
CVE-2024-43248 is an unauthenticated path traversal vulnerability in Bit Form Pro WordPress plugin that allows attackers to delete arbitrary files on ...
Aug 19, 2024
This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress sites running the vulnerable WooCommerce PDF Vouchers plugi...
Aug 13, 2024
This Local File Inclusion vulnerability in Solara allows attackers to read arbitrary files on the server by manipulating URI fragments with directory ...
Jul 12, 2024
This vulnerability allows unauthenticated attackers to perform path traversal attacks on WooCommerce OpenPos, enabling arbitrary file deletion on affe...
Jul 12, 2024
This vulnerability in supOS 5.0 allows attackers to perform directory traversal via the api/image/download endpoint, enabling unauthorized reading of ...
Jul 4, 2024
An unauthenticated path traversal vulnerability in lollms v9.6's XTTS server allows attackers to read arbitrary files and write audio files anywhere o...
Jun 27, 2024
CVE-2024-36117 is an arbitrary file read vulnerability in Reposilite v3.5.10 that allows attackers to read sensitive files on the server via path trav...
Jun 19, 2024
This path traversal vulnerability in the Siteclean SC filechecker WordPress plugin allows attackers to manipulate files outside intended directories. ...
Jun 10, 2024
This is an unauthenticated path traversal vulnerability in ThemeHigh's Checkout Field Editor for WooCommerce Pro plugin that allows attackers to delet...
Jun 10, 2024
SolarWinds Serv-U contains a directory traversal vulnerability that allows attackers to read sensitive files on the host system. This affects organiza...
Jun 6, 2024
This path traversal vulnerability in the BuddyForms WordPress plugin allows attackers to read arbitrary files and perform server-side request forgery ...
May 17, 2024
This vulnerability allows unauthenticated attackers to perform path traversal attacks, enabling local file inclusion in WordPress sites using The Plus...
May 17, 2024
This vulnerability allows unauthenticated attackers to perform path traversal attacks in the Phlox Shop WordPress plugin, leading to local file inclus...
May 17, 2024
An unauthenticated path traversal vulnerability in CData Arc Java versions before 23.4.8839 allows remote attackers to access sensitive files and perf...
Apr 5, 2024
This CVE describes a path handling vulnerability in Apple operating systems that allows malicious applications to escape their sandbox restrictions. I...
Mar 28, 2024
CVE-2023-43662 is an unauthenticated arbitrary file read vulnerability in ShokoServer's /api/Image/WithPath endpoint. Attackers can read any file on t...
Sep 28, 2023
This vulnerability in the go-getter library allows attackers to perform path traversal, symlink processing, and command injection attacks, potentially...
May 25, 2022
About Path Traversal (CWE-22)
Our database tracks 2,002 CVEs classified as CWE-22, with 452 rated critical and 1,009 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.