CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,007)
Sep 28, 2023: CVE-2023-43662 is an unauthenticated arbitrary file read vulnerability in ShokoServer's /api/Image/WithPath endpoint. Attackers can read any file on t...
May 25, 2022: This vulnerability in the go-getter library allows attackers to perform path traversal, symlink processing, and command injection attacks, potentially...
Nov 23, 2021: CVE-2021-43775 is a path traversal vulnerability in Aim, an open-source machine learning experiment tracking tool. Attackers can use directory travers...
Sep 1, 2021: This vulnerability in elFinder.NetCore allows attackers to extract arbitrary files from the server due to insufficient path validation in the ExtractA...
Jul 7, 2021: This vulnerability allows attackers to perform directory traversal attacks via the items[] parameter in move operations in the Media File Organizer Wo...
Dec 1, 2025: A low-privilege user with page editing access in Grav can read arbitrary server files, including sensitive user account files containing password hash...
Jul 25, 2025: This path traversal vulnerability in Salesforce Tableau Server allows attackers to access files outside the intended directory via the tabdoc API's du...
Nov 1, 2024: This path traversal vulnerability in the WordPress Newspack Blocks plugin allows attackers to delete arbitrary directories on the server. It affects W...
Aug 19, 2024: This vulnerability allows attackers to read arbitrary files on WordPress servers through path traversal in the Timeline and History slider plugin. It ...
Aug 1, 2024: This path traversal vulnerability in the ListingPro WordPress theme allows attackers to include arbitrary local PHP files, potentially leading to remo...
Jul 9, 2024: This path traversal vulnerability in the Advanced Classifieds & Directory Pro WordPress plugin allows attackers to access files outside the intended d...
Jul 9, 2024: This path traversal vulnerability in the Striking WordPress theme allows attackers to access files outside the intended directory. It affects all Word...
Jun 24, 2024: This vulnerability allows attackers to perform path traversal attacks in the Consulting Elementor Widgets WordPress plugin, leading to local file incl...
Jun 10, 2024: This vulnerability in SuiteCRM allows authenticated users to execute arbitrary code remotely through connectors. It affects all SuiteCRM installations...
Jun 4, 2024: This vulnerability allows attackers to perform path traversal attacks in the Stockholm Core WordPress plugin, enabling PHP local file inclusion. Attac...
Jun 4, 2024: This vulnerability in Element Pack Pro WordPress plugin allows attackers to read arbitrary files on the server and execute malicious code through dese...
Jun 4, 2024: This CVE describes a path traversal vulnerability in the XStore Core WordPress plugin that allows attackers to include arbitrary local PHP files. This...
May 17, 2024: This vulnerability allows attackers to perform path traversal attacks in the Easy Social Share Buttons WordPress plugin, leading to local file inclusi...
May 6, 2024: This path traversal vulnerability in the Brevo Sendinblue for WooCommerce WordPress plugin allows attackers to read or delete arbitrary files on the s...
Apr 25, 2024: This CVE describes a path traversal vulnerability in GitLab that allows attackers to access restricted files and potentially cause denial of service. ...
Aug 17, 2023: This CVE describes a path traversal vulnerability in ASUSTOR ADM printer service that allows remote unauthenticated attackers to delete files outside ...
Mar 8, 2022: This vulnerability allows authenticated users with configuration access in Icinga Web 2 to create SSH resource files in unintended directories, leadin...
Apr 12, 2021: This path traversal vulnerability in GitLab Workhorse allows attackers to access JWT tokens by manipulating file paths. All GitLab versions are affect...
Aug 6, 2025: A path traversal vulnerability (CWE-22) in Huawei's virtualization base module allows attackers to access files outside the intended directory. This a...
Nov 18, 2024: This vulnerability allows authenticated local attackers on Cisco SD-WAN devices to create or overwrite arbitrary files through insufficient input vali...
Nov 13, 2024: CVE-2024-52291 is a path traversal vulnerability in CraftCMS that allows authenticated administrators to bypass local file system validation using a d...
Jul 29, 2024: This vulnerability in tgstation-server allows low-permission users with 'Set .dme Path' privilege to potentially execute malicious .dme files, which c...
Apr 17, 2024: This vulnerability in SolarWinds Serv-U allows attackers with highly privileged accounts to perform directory traversal attacks, potentially leading t...
Mar 12, 2024: This CVE describes a directory traversal vulnerability in Apache Pulsar Functions Worker where authenticated users can upload malicious JAR/NAR files ...
Feb 21, 2024: This path traversal vulnerability in ConnectWise ScreenConnect allows attackers to bypass authentication and potentially execute remote code or access...
Nov 27, 2023: This path traversal vulnerability in TACC ePO extension allows authenticated administrators to upload malicious GTI reputation files that can execute ...
Dec 30, 2021: This vulnerability allows authenticated remote attackers to perform absolute path traversal in Quagga services on D-Link DIR-2640 routers, enabling th...
Dec 17, 2025: A vulnerability in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation allows path traversal attacks. This affects Kubernetes cl...
Dec 5, 2025: An unauthenticated directory traversal vulnerability in Fanvil x210 V2 IP phones allows attackers on the local network to write files to arbitrary loc...
Feb 12, 2025: This vulnerability in Progress Telerik Document Processing Libraries allows attackers to perform path traversal attacks when processing ZIP archives, ...
Oct 7, 2024: This vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected Xerox FreeFlow Core systems via path traversal. Attac...
Aug 19, 2024: This vulnerability allows attackers to read arbitrary files on WordPress servers running the EmbedPress plugin through path traversal. Attackers can e...
May 27, 2024: OpenAPI Generator versions before 7.6.0 contain a path traversal vulnerability that allows attackers to read and delete files from arbitrary writable ...
May 17, 2024: This path traversal vulnerability in Premmerce Permalink Manager for WooCommerce allows attackers to include arbitrary PHP files from the server's fil...
Dec 13, 2023: This path traversal vulnerability in Fortinet FortiWAN allows authenticated attackers to read and delete arbitrary files on the system via crafted HTT...
Dec 8, 2023: A directory traversal vulnerability in EverShop NPM allows remote attackers to access sensitive files outside the intended directory via crafted DELET...
Oct 11, 2023: A directory traversal vulnerability in MCL-Net versions before 4.6 Update Package (P01) allows attackers to read arbitrary files on the system. This a...
Feb 4, 2022: CVE-2022-23609 is a path traversal vulnerability in iTunesRPC-Remastered that allows attackers to delete arbitrary files on Windows systems. The vulne...
Sep 10, 2021: The wp-publications WordPress plugin contains a local file inclusion vulnerability in the Q_FILE parameter of bibtexbrowser.php. This allows attackers...
Mar 6, 2026: A path traversal vulnerability in Zarf's archive extraction allows malicious packages to create symlinks pointing outside the destination directory, e...
Feb 6, 2026: A path traversal vulnerability in Calibre's EPUB conversion allows malicious EPUB files to corrupt arbitrary files writable by the Calibre process. At...
Feb 4, 2026: CVE-2026-24843 is a path traversal vulnerability in melange that allows attackers to write files outside the intended workspace directory. Attackers w...
Jan 30, 2026: An input neutralization vulnerability in Crafty Controller's Backup Configuration component allows authenticated attackers to perform path traversal a...
Jan 28, 2026: CVE-2026-24842 is a path traversal vulnerability in node-tar, a Node.js library for handling TAR archives, affecting versions prior to 7.5.7. It allow...
Jan 22, 2026: This path traversal vulnerability in Azure Logic Apps allows unauthorized attackers to access restricted directories and elevate privileges over the n...
About Path Traversal (CWE-22)
Our database tracks 2,007 CVEs classified as CWE-22, with 454 rated critical and 1,012 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.
External reference: View CWE-22 on MITRE CWE →