CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,128)
This vulnerability allows attackers to perform path traversal attacks via the size query parameter in Openatlas's /views/file.py endpoint. Attackers c...
Nov 24, 2025
This vulnerability in the Directorist WordPress plugin allows unauthenticated attackers to move arbitrary files on the server due to insufficient file...
Oct 25, 2025
Argo Workflows contains a Zip Slip path traversal vulnerability in artifact extraction that allows attackers to write arbitrary files outside the inte...
Oct 14, 2025
An authenticated path traversal vulnerability in Time Machine functionality allows limited-privilege users to manipulate files in the /data folder thr...
Oct 7, 2025
A path traversal vulnerability in Podman's kube play command allows attackers to overwrite arbitrary host files when Kubernetes YAML files contain sym...
Sep 5, 2025
The WooCommerce Purchase Orders plugin for WordPress has a vulnerability that allows authenticated users with Subscriber-level access or higher to del...
Aug 12, 2025
The Kallyas WordPress theme contains a vulnerability that allows authenticated attackers with Contributor-level access or higher to delete arbitrary f...
Jul 26, 2025
This CSRF vulnerability in the hiWeb Export Posts WordPress plugin allows unauthenticated attackers to delete arbitrary server files by tricking admin...
Jul 24, 2025
The Extensions For CF7 WordPress plugin has an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete any file on the s...
Jul 22, 2025
The Vikinger WordPress theme allows authenticated attackers with Subscriber-level access or higher to delete arbitrary files on the server due to insu...
Jul 2, 2025
ServiceStack's FindType method contains a directory traversal vulnerability that allows remote attackers to execute arbitrary code by manipulating fil...
Jun 25, 2025
This path traversal vulnerability in Seofy Core WordPress plugin allows attackers to include arbitrary local PHP files via improper path validation. A...
Jun 9, 2025
CVE-2025-26692 is a path traversal vulnerability in Quick Agent V3 and V2 that allows remote unauthenticated attackers to execute arbitrary code with ...
Apr 28, 2025
The Avatar WordPress plugin has an arbitrary file deletion vulnerability that allows authenticated attackers with Subscriber-level access or higher to...
Apr 18, 2025
A path traversal vulnerability in mholt/archiver Go library allows attackers to create or overwrite arbitrary files by exploiting symlinks in crafted ...
Apr 13, 2025
This CVE describes a path traversal vulnerability in the WooCommerce Pickupp plugin that allows attackers to include arbitrary PHP files from the serv...
Apr 11, 2025
This path traversal vulnerability in DyaPress ERP/CRM allows attackers to include arbitrary PHP files from the server's filesystem, potentially leadin...
Apr 10, 2025
This vulnerability allows unauthenticated attackers to perform Local File Inclusion (LFI) in the Countdown & Clock WordPress plugin, enabling them to ...
Apr 4, 2025
A path traversal vulnerability in the USB storage file-sharing function of HGW-BL1500HM devices allows attackers to delete arbitrary files or cause de...
Mar 28, 2025
OpenWebUI 0.3.0 has a critical vulnerability in its audio transcription API that allows authenticated users to upload arbitrary files with path traver...
Mar 20, 2025
This vulnerability allows attackers to bypass file access restrictions in Google Chrome on Windows by tricking users into installing a malicious exten...
Mar 5, 2025
This vulnerability allows a compromised SecureDrop Server to execute arbitrary code on the SecureDrop Client virtual machine by exploiting improper pa...
Feb 13, 2025
This vulnerability in GoldPanKit eva-server v4.1.0 allows attackers to download arbitrary files from the server by manipulating the path parameter in ...
Feb 6, 2025
This path traversal vulnerability in Adobe ColdFusion allows attackers to read arbitrary files from the server's filesystem when the admin panel is in...
Dec 23, 2024
The Swift Performance Lite WordPress plugin contains a Local File Inclusion vulnerability in its 'ajaxify' function, allowing unauthenticated attacker...
Dec 6, 2024
This path traversal vulnerability in Synology Router Manager allows authenticated remote attackers to delete arbitrary files on affected systems by ex...
Dec 4, 2024
This vulnerability in Kubernetes kubelet allows attackers to execute arbitrary commands on nodes by exploiting specially crafted gitRepo volumes. It a...
Nov 22, 2024
CVE-2024-41971 allows low-privileged remote attackers to overwrite arbitrary files on the filesystem, potentially causing denial of service and data l...
Nov 18, 2024
This CSRF vulnerability in Moodle's Feedback module allows attackers to trick authenticated users into unknowingly sending bulk messages to non-respon...
Nov 7, 2024
This CVE describes a path traversal vulnerability in the ABCApp Creator WordPress plugin that allows attackers to include local PHP files through impr...
Oct 5, 2024
CVE-2021-27916 is a path traversal vulnerability in Mautic's GrapesJS builder that allows authenticated users to delete arbitrary files outside intend...
Sep 17, 2024
This vulnerability allows authenticated remote attackers to delete arbitrary directories on Logsign Unified SecOps Platform installations. Attackers c...
Aug 21, 2024
This vulnerability allows authenticated remote attackers to delete arbitrary files on Logsign Unified SecOps Platform installations. Attackers can exp...
Aug 21, 2024
A path traversal vulnerability in Redmine DMSF Plugin allows authenticated users to access or delete arbitrary files on the server within the Redmine ...
May 30, 2024
CVE-2024-32523 is an unauthenticated path traversal vulnerability in the WordPress Mailster plugin that allows attackers to include arbitrary local PH...
May 17, 2024
This vulnerability in Keycloak allows attackers to bypass URL validation in redirects when clients use wildcards in Valid Redirect URIs. Attackers can...
Apr 17, 2024
This path traversal vulnerability in Fortinet FortiSandbox allows attackers to execute arbitrary code or commands via specially crafted HTTP requests....
Apr 9, 2024
This CVE describes a path traversal vulnerability that allows attackers to write files outside intended directories and potentially overwrite existing...
Mar 21, 2024
CVE-2024-28171 is a path traversal vulnerability that allows attackers to write files outside intended directories and overwrite existing system files...
Mar 21, 2024
This vulnerability allows authenticated XenForo administrators with style management permissions to perform directory traversal attacks when importing...
Feb 29, 2024
CVE-2024-0763 is a path traversal vulnerability in Anything-LLM that allows authenticated users to delete arbitrary folders recursively on the server....
Feb 27, 2024
This directory traversal vulnerability in IBM SOAR QRadar Plugin App allows remote attackers to read arbitrary files on the system by sending speciall...
Feb 2, 2024
This CVE describes a relative path traversal vulnerability in a-blog CMS that allows authenticated remote attackers to delete arbitrary files on the s...
Jan 23, 2024
This critical vulnerability allows remote attackers to upload arbitrary files anywhere on affected Bosch systems via crafted HTTP requests, leading to...
Jan 10, 2024
This vulnerability in the Awesome Support WordPress plugin allows ticket submitters to delete arbitrary files on the server due to improper path sanit...
Nov 6, 2023
CVE-2023-45868 is a directory traversal vulnerability in ILIAS Learning Module 7.25 that allows authenticated attackers to relocate directories outsid...
Oct 26, 2023
This vulnerability allows authenticated attackers to delete arbitrary files on affected TN-4900 and TN-5900 Series devices through command injection i...
Aug 17, 2023
A directory traversal vulnerability in Safe Software FME Server allows authenticated attackers with write privileges to bypass validation when editing...
Jun 23, 2023
This directory traversal vulnerability in ESS REC Agent Server Edition allows authenticated attackers to access or modify arbitrary files on affected ...
May 26, 2023
This vulnerability allows authenticated low-privileged attackers to perform directory traversal attacks through the web-services interface of Loadbala...
May 12, 2023
About Path Traversal (CWE-22)
Our database tracks 2,128 CVEs classified as CWE-22, with 503 rated critical and 1,083 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.
External reference: CWE-22 on MITRE CWE