CWE-22: Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.

Total CVEs: 2,131
Critical: 503
High: 1,086
Avg CVSS: 7.7
In CISA KEV: 4

Yearly Trend

2026: 236
2025: 685
2024: 481
2023: 231
2022: 165

Top Affected Vendors

1 Apple 27
2 Qnap 22
3 Ivanti 18
4 Fedoraproject 17
5 Solarwinds 17
6 Fortinet 16
7 Samsung 16
8 Debian 16
9 Adobe 15
10 Siemens 15

All Path Traversal CVEs (2,131)

CVE-2020-13377
8.1

This vulnerability allows authenticated low-privileged attackers to perform directory traversal attacks through the web-services interface of Loadbala...

May 12, 2023
CVE-2023-27700
8.1

MuYuCMS v2.2 contains an arbitrary file deletion vulnerability in the /accessory/picdel.html component that allows attackers to delete any file on the...

Mar 28, 2023
CVE-2023-0454
8.1

OrangeScrum version 2.0.11 contains a path traversal vulnerability that allows authenticated attackers to delete arbitrary files on the server. This o...

Feb 1, 2023
CVE-2022-0902
8.1

This CVE combines path traversal and command injection vulnerabilities in ABB flow computer and remote controller products. Attackers can exploit thes...

Jul 21, 2022
CVE-2022-1993
8.1

CVE-2022-1993 is a path traversal vulnerability in Gogs (Go Git Service) that allows attackers to read arbitrary files on the server by manipulating f...

Jun 9, 2022
CVE-2021-40668
8.1

This path traversal vulnerability in Android HTTP File Server 1.4.1 allows attackers to access, list, and modify files outside the intended directory....

Jun 9, 2022
CVE-2022-1850
8.1

CVE-2022-1850 is a path traversal vulnerability in FileGator that allows attackers to access files outside the intended directory. This affects all Fi...

May 24, 2022
CVE-2022-28058
8.1

Verydows v2.0 contains an arbitrary file deletion vulnerability in the backend file controller that allows attackers to delete files on the server. Th...

Apr 26, 2022
CVE-2022-28523
8.1

HongCMS 3.0.0 contains an arbitrary file deletion vulnerability in the template management component. Attackers can delete any file on the server by e...

Apr 26, 2022
CVE-2022-28527
8.1

CVE-2022-28527 is an arbitrary folder deletion vulnerability in dhcms v20170919 that allows attackers to delete arbitrary folders via the /admin.php?r...

Apr 26, 2022
CVE-2021-40680
8.1

This vulnerability allows attackers to perform directory traversal attacks on Artica Proxy by manipulating the filename parameter in the /cgi-bin/main...

Apr 25, 2022
CVE-2022-24851
8.1

CVE-2022-24851 is a stored cross-site scripting (XSS) vulnerability in LDAP Account Manager (LAM) that allows authenticated attackers to inject malici...

Apr 15, 2022
CVE-2022-23971
8.1

This vulnerability allows unauthenticated attackers on the local network to perform path traversal attacks on ASUS RT-AX56U routers. By exploiting ins...

Apr 7, 2022
CVE-2021-26601
8.1

CVE-2021-26601 is a path traversal vulnerability in ImpressCMS that allows attackers to read arbitrary files on the server by manipulating the image_t...

Mar 28, 2022
CVE-2022-23107
8.1

The Jenkins Warnings Next Generation Plugin vulnerability allows attackers with Item/Configure permission to read and write files with specific hard-c...

Jan 12, 2022
CVE-2021-21909
8.1

CVE-2021-21909 is a path traversal vulnerability in a file deletion command that allows arbitrary file deletion via specially crafted arguments. Attac...

Dec 22, 2021
CVE-2021-40153
8.1

This vulnerability in Squashfs-Tools allows directory traversal attacks during archive extraction. Attackers can craft malicious squashfs archives tha...

Aug 27, 2021
CVE-2021-24010
8.1

This CVE describes a path traversal vulnerability in FortiSandbox that allows authenticated users to access restricted files and directories via speci...

Aug 4, 2021
CVE-2021-37443
8.1

CVE-2021-37443 is a path traversal vulnerability in NCH IVM Attendant that allows attackers to delete arbitrary files on the server via the logdeletes...

Jul 25, 2021
CVE-2021-37447
8.1

This vulnerability allows authenticated users in NCH Quorum conference software to delete arbitrary files via directory traversal in the documentdelet...

Jul 25, 2021
CVE-2020-24146
8.1

This vulnerability allows authorized WordPress users to perform directory traversal attacks via the CM Download Manager plugin, enabling them to delet...

Jul 7, 2021
CVE-2021-29492
8.1

Envoy proxy versions 1.18.2 and earlier fail to decode escaped slash sequences (%2F and %5C) in HTTP URL paths, allowing attackers to bypass access co...

May 28, 2021
CVE-2020-21057
8.1

This CVE describes a directory traversal vulnerability in FusionPBX 4.5.7 that allows authenticated remote attackers to delete arbitrary folders on th...

May 20, 2021
CVE-2021-20661
8.1

This directory traversal vulnerability in SolarView Compact SV-CPT-MC310 allows authenticated attackers to delete arbitrary files and directories on t...

Feb 24, 2021
CVE-2020-28374
8.1

This vulnerability allows remote attackers with access to an iSCSI LUN to perform directory traversal attacks via XCOPY requests in the Linux kernel's...

Jan 13, 2021
CVE-2020-5804
8.1

This path traversal vulnerability in Marvell QConvergeConsole GUI allows authenticated remote attackers to delete arbitrary files with SYSTEM/root pri...

Jan 8, 2021
CVE-2020-27385
8.1

This vulnerability allows authenticated attackers to read and write files outside the web root directory using directory traversal techniques in FlexD...

Nov 12, 2020
CVE-2020-3550
8.1

This vulnerability allows authenticated remote attackers to perform directory traversal attacks on Cisco Firepower Management Center (FMC) and Firepow...

Oct 21, 2020
CVE-2026-23535
8.0

This vulnerability in the Weblate command-line client (wlc) allows a malicious Weblate server to write files to arbitrary locations on a client's syst...

Jan 16, 2026
CVE-2025-12638
8.0

This CVE describes a path traversal vulnerability in Keras 3.11.3's keras.utils.get_file() function when extracting tar archives. The vulnerability al...

Nov 28, 2025
CVE-2025-9079
8.0

This vulnerability allows admin users in Mattermost to execute arbitrary code by uploading malicious plugins to the prepackaged plugins directory. The...

Sep 19, 2025
CVE-2025-9693
8.0

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to delete arbitrary files on the server due to insuffic...

Sep 11, 2025
CVE-2024-31232
8.0

This vulnerability allows attackers to perform path traversal attacks in the Rehub WordPress theme, enabling local file inclusion of PHP files. It aff...

May 17, 2024
CVE-2023-5938
8.0

This vulnerability allows attackers to perform path traversal attacks via malicious ZIP archives ('zip slip'), enabling arbitrary file overwrites on t...

May 15, 2024
CVE-2023-5123
8.0

The JSON datasource plugin for Grafana has a path traversal vulnerability that allows authenticated users to query arbitrary endpoints on the configur...

Feb 14, 2024
CVE-2023-40055
8.0

This vulnerability allows low-privileged users to exploit directory traversal in SolarWinds Network Configuration Manager to execute arbitrary code wi...

Nov 9, 2023
CVE-2023-33226
8.0

This vulnerability in SolarWinds Network Configuration Manager allows low-privileged users to exploit directory traversal flaws to execute arbitrary c...

Nov 1, 2023
CVE-2021-42542
8.0

This directory traversal vulnerability allows attackers to access files outside the intended backup folder structure by manipulating path sequences. I...

Oct 22, 2021
CVE-2020-14352
8.0

CVE-2020-14352 is a directory traversal vulnerability in librepo versions before 1.12.1 that allows attackers controlling remote repositories to write...

Aug 30, 2020
CVE-2022-31159
7.9

A partial-path traversal vulnerability in AWS SDK for Java v1 allows attackers to write S3 bucket contents outside the intended destination directory ...

Jul 15, 2022
CVE-2021-33183
7.9

This path traversal vulnerability in Synology Docker's container volume management allows local users to bypass directory restrictions and access arbi...

Jun 1, 2021
CVE-2026-28518
7.8

OpenViking versions 0.2.1 and earlier contain a path traversal vulnerability in .ovpack import handling that allows attackers to write arbitrary files...

Mar 3, 2026
CVE-2026-20615
7.8

A path validation vulnerability in Apple operating systems allows malicious applications to gain root privileges through improper path handling. This ...

Feb 11, 2026
CVE-2026-20614
7.8

This CVE describes a path handling vulnerability in macOS that allows an application to gain root privileges through improper validation. It affects m...

Feb 11, 2026
CVE-2026-0651
7.8

This vulnerability allows attackers on the same local network to probe the TP-Link Tapo C260 v1 camera's filesystem to determine if specific files exi...

Feb 10, 2026
CVE-2025-11002
7.8

A directory traversal vulnerability in 7-Zip's ZIP file parsing allows remote attackers to execute arbitrary code by crafting malicious ZIP archives c...

Jan 23, 2026
CVE-2026-20613
7.8

This vulnerability allows arbitrary file write through path traversal in archive extraction functions. Attackers can place malicious archives that ext...

Jan 23, 2026
CVE-2025-68921
7.8

CVE-2025-68921 is a directory traversal vulnerability in SteelSeries Nahimic 3 audio software that allows attackers to read arbitrary files on the sys...

Jan 16, 2026
CVE-2025-14420
7.8

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of pdfforge PDF Architect by tricking user...

Dec 23, 2025
CVE-2025-14413
7.8

This vulnerability allows remote attackers to execute arbitrary code on Soda PDF Desktop by tricking users into opening malicious CBZ files. Attackers...

Dec 23, 2025

About Path Traversal (CWE-22)

Our database tracks 2,131 CVEs classified as CWE-22, with 503 rated critical and 1,086 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.

External reference: CWE-22 on MITRE CWE
