CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,118)
This path traversal vulnerability in Fortinet FortiWAN allows authenticated attackers to read and delete arbitrary files on the system via crafted HTT... (Dec 13, 2023)
A directory traversal vulnerability in EverShop NPM allows remote attackers to access sensitive files outside the intended directory via crafted DELET... (Dec 8, 2023)
A directory traversal vulnerability in MCL-Net versions before 4.6 Update Package (P01) allows attackers to read arbitrary files on the system. This a... (Oct 11, 2023)
CVE-2022-23609 is a path traversal vulnerability in iTunesRPC-Remastered that allows attackers to delete arbitrary files on Windows systems. The vulne... (Feb 4, 2022)
The wp-publications WordPress plugin contains a local file inclusion vulnerability in the Q_FILE parameter of bibtexbrowser.php. This allows attackers... (Sep 10, 2021)
A path traversal vulnerability in Zarf's archive extraction allows malicious packages to create symlinks pointing outside the destination directory, e... (Mar 6, 2026)
A path traversal vulnerability in Calibre's EPUB conversion allows malicious EPUB files to corrupt arbitrary files writable by the Calibre process. At... (Feb 6, 2026)
CVE-2026-24843 is a path traversal vulnerability in melange that allows attackers to write files outside the intended workspace directory. Attackers w... (Feb 4, 2026)
An input neutralization vulnerability in Crafty Controller's Backup Configuration component allows authenticated attackers to perform path traversal a... (Jan 30, 2026)
CVE-2026-24842 is a path traversal vulnerability in node-tar, a Node.js library for handling TAR archives, affecting versions prior to 7.5.7. It allow... (Jan 28, 2026)
This path traversal vulnerability in Azure Logic Apps allows unauthorized attackers to access restricted directories and elevate privileges over the n... (Jan 22, 2026)
CVE-2025-65025 is a path traversal vulnerability in esm.sh CDN service that allows attackers to write files to arbitrary server locations during NPM p... (Nov 19, 2025)
This vulnerability in Liferay Portal/DXP allows remote attackers to perform path traversal attacks via the ComboServlet, potentially accessing arbitra... (Sep 29, 2025)
The Counter live visitors for WooCommerce WordPress plugin has an arbitrary file deletion vulnerability that allows unauthenticated attackers to delet... (Jul 16, 2025)
An unauthenticated directory traversal vulnerability in White Star Software Protop version 4.4.2-2024-11-27 allows remote attackers to read arbitrary ... (Jul 9, 2025)
VMware Cloud Foundation contains a directory traversal vulnerability (CWE-22) that allows attackers with network access to port 443 to access internal... (May 20, 2025)
CVE-2025-27147 is an improper access control vulnerability in the GLPI Inventory Plugin that allows unauthorized users to perform administrative actio... (Mar 25, 2025)
This path traversal vulnerability in db-gpt version 0.6.0 allows attackers to delete arbitrary files on the server by manipulating the file_key parame... (Mar 20, 2025)
This vulnerability in ESM 11.6.10 allows unauthenticated attackers to access internal Snowservice API endpoints via path traversal. This can lead to u... (Nov 29, 2024)
CVE-2024-43395 is a path traversal vulnerability in CraftOS-PC 2 that allows attackers to escape the designated computer folder and access arbitrary f... (Aug 16, 2024)
This vulnerability allows any user to delete any JSON file on the server through directory traversal attacks due to improper path validation. It affec... (Jul 31, 2024)
This vulnerability in Bazaar v1.4.3 allows unauthenticated attackers to perform directory traversal attacks via the /api/swaggerui/static component. A... (Jul 20, 2024)
This CVE describes a Local File Inclusion (LFI) vulnerability in Litestar/Starlite ASGI frameworks that allows attackers to exploit path traversal fla... (May 6, 2024)
This vulnerability allows local attackers with high-privileged code execution on a Parallels Desktop guest system to escalate privileges on the host s... (May 3, 2024)
This vulnerability in Obsidian desktop allows malicious webpages or markdown files to access local files through improper path handling. Attackers can... (Aug 19, 2023)
CVE-2021-27771 is a path traversal vulnerability in HCL Sametime chat application where attackers can modify user session IDs to upload arbitrary file... (May 12, 2022)
CVE-2021-41150 is a path traversal vulnerability in the Tough TUF library that allows attackers to overwrite arbitrary JSON files on the system when r... (Oct 19, 2021)
CVE-2021-41149 is a path traversal vulnerability in the Tough TUF library that allows attackers to overwrite arbitrary files on the system when cachin... (Oct 19, 2021)
This vulnerability in the npm tar package allows attackers to bypass symlink checks by exploiting Unicode normalization and Windows short path behavio... (Aug 31, 2021)
The npm tar package before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary file creation/overwrite vulnerability due to insufficient sanitiz... (Aug 3, 2021)
This CVE allows path traversal attacks during squashfs extraction in Singularity container platform. Attackers can overwrite/create arbitrary files on... (Oct 14, 2020)
CVE-2020-12499 is an improper path sanitation vulnerability in PHOENIX CONTACT PLCnext Engineer that allows attackers to execute arbitrary code by imp... (Jul 21, 2020)
OpenClaw versions 2026.1.29-beta.1 through 2026.2.1 contain a path traversal vulnerability in plugin installation. Attackers can craft malicious plugi... (Mar 5, 2026)
This path traversal vulnerability in ASUSTOR ADM FTP Backup allows attackers to access files outside the intended directory by manipulating file paths... (Feb 25, 2026)
This vulnerability allows unauthenticated remote attackers to execute arbitrary code on MLflow Tracking Server installations via directory traversal i... (Feb 20, 2026)
CVE-2026-24135 is a path traversal vulnerability in Gogs self-hosted Git service that allows authenticated users with wiki write access to delete arbi... (Feb 6, 2026)
This vulnerability in n8n workflow automation platform allows attackers to write files to unintended locations on remote systems via SSH nodes, potent... (Feb 4, 2026)
ConvertX versions before 0.17.0 have a path traversal vulnerability in the /delete endpoint that allows attackers to delete arbitrary files on the ser... (Jan 27, 2026)
This path traversal vulnerability in VibeThemes WPLMS plugin allows attackers to delete arbitrary files on WordPress sites. It affects all WordPress i... (Jan 22, 2026)
CVE-2025-66292 is an arbitrary file deletion vulnerability in DPanel server management panel. Authenticated users can delete any file on the server vi... (Jan 15, 2026)
CVE-2025-68472 is an unauthenticated path traversal vulnerability in MindsDB's file upload API that allows attackers to read arbitrary files from the ... (Jan 12, 2026)
Advantech WebAccess/SCADA is vulnerable to directory traversal that allows attackers to delete arbitrary files on the system. This affects industrial ... (Dec 18, 2025)
This path traversal vulnerability allows authenticated users with limited privileges to upload malicious Arc data archives that can write arbitrary fi... (Dec 18, 2025)
Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. Remote authenticated attackers can delete arbitrary f... (Dec 5, 2025)
This vulnerability allows attackers to perform path traversal attacks via the size query parameter in Openatlas's /views/file.py endpoint. Attackers c... (Nov 24, 2025)
This vulnerability in the Directorist WordPress plugin allows unauthenticated attackers to move arbitrary files on the server due to insufficient file... (Oct 25, 2025)
Argo Workflows contains a Zip Slip path traversal vulnerability in artifact extraction that allows attackers to write arbitrary files outside the inte... (Oct 14, 2025)
An authenticated path traversal vulnerability in Time Machine functionality allows limited-privilege users to manipulate files in the /data folder thr... (Oct 7, 2025)
A path traversal vulnerability in Podman's kube play command allows attackers to overwrite arbitrary host files when Kubernetes YAML files contain sym... (Sep 5, 2025)
The WooCommerce Purchase Orders plugin for WordPress has a vulnerability that allows authenticated users with Subscriber-level access or higher to del... (Aug 12, 2025)
About Path Traversal (CWE-22)
Our database tracks 2,118 CVEs classified as CWE-22, with 499 rated critical and 1,077 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.
External reference: View CWE-22 on MITRE CWE →