CWE-22: Path Traversal

CVE-2025-68921 is a directory traversal vulnerability in SteelSeries Nahimic 3 audio software that allows attackers to read arbitrary files on the sys...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of pdfforge PDF Architect by tricking user...

This vulnerability allows remote attackers to execute arbitrary code on Soda PDF Desktop by tricking users into opening malicious CBZ files. Attackers...

This ZipSlip vulnerability in SiYuan personal knowledge management software allows authenticated users to overwrite arbitrary files on the system thro...

This path traversal vulnerability in Synology BeeDrive desktop software allows local users to execute arbitrary code by manipulating file paths. It af...

This vulnerability in 7-Zip allows remote attackers to execute arbitrary code by exploiting directory traversal through specially crafted ZIP files co...

Local Agent DVR versions through 6.6.1.0 contain a directory traversal vulnerability that allows unauthenticated local attackers to access sensitive f...

This path traversal vulnerability in Fortinet FortiDLP Agent's Outlookproxy plugin allows authenticated attackers on affected MacOS systems to escalat...

ZenML version 0.83.1 contains a path traversal vulnerability in the PathMaterializer class that allows attackers to write arbitrary files during data....

This vulnerability allows remote attackers to execute arbitrary code on Anritsu ShockLine systems by tricking users into opening malicious CHX files. ...

This vulnerability allows attackers to write files to arbitrary directories on Windows systems via directory traversal when victims open malicious Min...

This vulnerability in the linux-pam pam_namespace module allows local users to exploit symlink attacks and race conditions to elevate their privileges...

This CVE describes a path handling vulnerability in macOS that allows an application to gain root privileges through improper validation. It affects m...

This vulnerability in WinRAR allows attackers to execute arbitrary code by tricking users into opening malicious archive files containing specially cr...

This vulnerability in Progress Telerik UI for WinForms allows attackers to perform path traversal attacks during archive decompression, potentially wr...

This vulnerability allows local unprivileged attackers to escalate privileges to SYSTEM level on G DATA Management Server installations. Attackers can...

A path handling vulnerability in macOS mount command allows arbitrary code execution when processing malicious input. This affects macOS systems befor...

This vulnerability allows remote attackers to execute arbitrary code on SMARTBEAR SoapUI installations through directory traversal in the unpackageAll...

This CVE describes a path traversal vulnerability in Ivanti Endpoint Manager that allows a local unauthenticated attacker to execute arbitrary code. U...

A directory traversal vulnerability in Ghostscript's UTF-8 decoder allows attackers to escape directory restrictions via specially crafted overlong UT...

This vulnerability allows a malicious app to execute arbitrary shortcuts without user consent on Apple devices. It affects multiple Apple operating sy...

This vulnerability allows local attackers to access arbitrary physical memory due to improper input validation in Android's shared memory component. I...

This vulnerability in Buildah allows attackers to bypass path validation in cache mounts, enabling arbitrary host directory access during container bu...

This vulnerability allows attackers to load arbitrary Windows libraries through improper path validation in WPS Office's promecefpluginhost.exe compon...

This vulnerability in Comodo Internet Security Pro allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM level by ...

This vulnerability in Linux Mint's Xreader EPUB parser allows remote attackers to execute arbitrary code by tricking users into opening malicious EPUB...

PDF-XChange Editor has a directory traversal vulnerability in the createDataObject method that allows remote attackers to execute arbitrary code. Atta...

This vulnerability in Triangle MicroWorks SCADA Data Gateway allows remote attackers to create arbitrary files on affected systems by exploiting direc...

This vulnerability allows local attackers with access to a Windows system to delete any file with SYSTEM privileges through the KSchedulerSvc.exe comp...

This vulnerability in Omron PLC engineering software allows attackers to craft malicious project files that exploit directory traversal to write arbit...

CVE-2024-21633 is a path traversal vulnerability in Apktool that allows attackers to write files to arbitrary locations on the system where Apktool ru...

This CVE describes a directory traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 Alpha 1.3.9 that allows local attackers to execute arbitra...

A relative path traversal vulnerability in Shihonkanri Plus allows local attackers to execute arbitrary code by tricking legitimate users into importi...

This vulnerability allows local attackers to write files to other apps' private directories on Android devices through a path traversal flaw in MediaP...

This path traversal vulnerability in Adobe Acrobat Reader DC allows attackers to execute arbitrary code by tricking users into opening malicious PDF f...

CVE-2023-39139 is a path traversal vulnerability in Archive v3.3.7 that allows attackers to write arbitrary files outside the intended extraction dire...

CVE-2023-39135 is a path traversal vulnerability in Zip Swift library v2.1.2 that allows attackers to write files outside the intended extraction dire...

A directory traversal vulnerability in BusyBox's cpio command allows attackers to write files outside the intended extraction directory. This affects ...

This vulnerability in Bitberry File Opener v23.0 allows attackers to perform directory traversal attacks through CAB file extraction. Attackers can wr...

This vulnerability allows authenticated local users on Brocade Fabric OS to execute arbitrary commands regardless of their assigned privileges by expl...

CVE-2023-25307 is a directory traversal vulnerability in nothub mrpack-install versions up to v0.16.2 that allows attackers to write files outside the...

CloudPanel v2.2.2 contains a path traversal vulnerability that allows attackers to access files outside the intended directory. This affects all syste...

This vulnerability allows remote code execution through path traversal in Schneider Electric's IGSS software. An attacker can craft a malicious report...

CVE-2022-47506 is a directory traversal vulnerability in SolarWinds Platform that allows authenticated local attackers to modify default configuration...

A local privilege escalation vulnerability in FortiClient for Windows allows unprivileged local attackers to gain SYSTEM-level privileges by exploitin...

This vulnerability allows local attackers to bypass file permissions through a path traversal error in Android's CallLogProvider component. It enables...

This path traversal vulnerability in Schneider Electric's industrial control software allows attackers to deploy malicious scripts to unauthorized loc...

This vulnerability allows attackers to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows ser...

A path traversal vulnerability in Adobe Acrobat Reader for Android allows attackers to execute arbitrary code by tricking users into opening malicious...

This vulnerability in LCDS LAquis SCADA allows attackers to bypass security controls and write arbitrary files to the operating system through path tr...