CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (1,952)
This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress servers running the vulnerable Multi Uploader for Gravity F... (Dec 12, 2025)
CVE-2025-67506 is a path traversal vulnerability in PipesHub that allows unauthenticated attackers to write arbitrary files anywhere the service accou... (Dec 10, 2025)
This vulnerability allows attackers to overwrite arbitrary system files via path traversal in tar archive extraction. Attackers can craft malicious .t... (Nov 26, 2025)
N-central versions before 2025.4 contain a path traversal vulnerability that allows attackers to bypass authentication mechanisms. This affects all or... (Nov 12, 2025)
This vulnerability allows unauthenticated attackers to include and execute arbitrary PHP files on WordPress servers running the ShopLentor plugin. Att... (Nov 4, 2025)
This vulnerability allows attackers to write arbitrary files through a vulnerable upgrade feature in BLU-IC2 and BLU-IC4 devices. Successful exploitat... (Oct 28, 2025)
A path traversal vulnerability in Windsurf IDE allows attackers to read and write arbitrary files on a user's system, both within and outside of curre... (Oct 17, 2025)
This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress servers running the vulnerable WooCommerce Designer Pro plu... (Oct 11, 2025)
This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress servers running the vulnerable WP Travel Engine plugin. Att... (Oct 9, 2025)
This vulnerability in Dragonfly allows peers to create or read arbitrary files on other peers' systems via gRPC and HTTP APIs, enabling data theft and... (Sep 17, 2025)
A directory traversal vulnerability in Swetrix Web Analytics API allows attackers to bypass path restrictions and upload malicious files, leading to r... (Sep 17, 2025)
The WP Webhooks WordPress plugin allows unauthenticated attackers to copy arbitrary files on the server due to improper input validation. This can lea... (Aug 21, 2025)
CVE-2024-44373 is a critical path traversal vulnerability in AllSky software that allows unauthenticated attackers to write arbitrary files to the ser... (Aug 19, 2025)
This vulnerability allows unauthenticated attackers to upload and execute arbitrary ASPX scripts on Umbraco CMS servers. Attackers can achieve remote ... (Aug 13, 2025)
An unauthenticated path traversal vulnerability in Mitel MiCollab's NuPoint Unified Messaging component allows attackers to access, modify, or delete ... (Aug 8, 2025)
CVE-2025-8356 is a critical path traversal vulnerability in Xerox FreeFlow Core version 8.0.4 that allows attackers to access unauthorized files on th... (Aug 8, 2025)
This vulnerability in pyLoad allows unauthenticated attackers to perform path traversal via the addcrypted endpoint, leading to arbitrary file write a... (Aug 5, 2025)
CVE-2025-54387 is a path traversal vulnerability in IPX image optimization software that allows attackers to bypass directory restrictions and potenti... (Aug 5, 2025)
A path traversal vulnerability in Traefik's WASM plugin installation mechanism allows attackers to overwrite arbitrary system files by uploading malic... (Aug 2, 2025)
This path traversal vulnerability in Samsung MagicINFO 9 Server allows attackers to upload malicious web shell files to restricted directories. Succes... (Jul 23, 2025)
This path traversal vulnerability in Samsung MagicINFO 9 Server allows attackers to upload malicious web shell files to the web server directory. Atta... (Jul 23, 2025)
A path traversal vulnerability in Ruckus Unleashed and ZoneDirector web interfaces allows unauthenticated attackers to execute arbitrary EJS template ... (Jul 21, 2025)
This vulnerability in the Support Board WordPress plugin allows attackers to delete arbitrary files on the server due to insufficient path validation.... (Jul 9, 2025)
A directory traversal vulnerability in novel plus allows remote attackers to read, write, or execute arbitrary files on the server by manipulating the... (Jun 20, 2025)
CVE-2025-32799 is a path traversal vulnerability in conda-build that allows attackers to write files outside intended directories by crafting maliciou... (Jun 16, 2025)
A path traversal vulnerability in Liferay Portal and DXP allows remote attackers to write arbitrary files to server locations and download/execute arb... (Jun 16, 2025)
A path traversal vulnerability (CWE-22) in RICOH Streamline NX V3 PC Client allows attackers to tamper with specific files, potentially leading to arb... (Jun 13, 2025)
A directory traversal vulnerability in HPE StoreOnce Software allows attackers to access sensitive files outside the intended directory. This affects ... (Jun 2, 2025)
This vulnerability allows unauthenticated attackers to include and execute arbitrary files on WordPress servers running the Madara theme. Attackers ca... (May 21, 2025)
This path traversal vulnerability in the Grand Restaurant WordPress theme allows attackers to access files outside the intended directory. If exploite... (May 19, 2025)
The TicketBAI Facturas para WooCommerce WordPress plugin has an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete ... (May 15, 2025)
This path traversal vulnerability in Azure allows unauthorized attackers to access restricted directories and elevate privileges over a network. It af... (May 13, 2025)
This vulnerability allows attackers to write arbitrary files with system-level privileges on Samsung MagicINFO 9 Server by exploiting improper pathnam... (May 13, 2025)
This vulnerability allows unauthenticated attackers to execute arbitrary scripts on Yi IOT XY-3820 devices by sending specially crafted TCP requests t... (Apr 21, 2025)
This vulnerability allows unauthenticated attackers to include and execute arbitrary PHP files on WordPress servers running the vulnerable InstaWP Con... (Apr 11, 2025)
This vulnerability allows unauthenticated attackers to move arbitrary files on WordPress servers running the vulnerable Drag and Drop Multiple File Up... (Apr 5, 2025)
This vulnerability allows attackers to perform directory traversal attacks by sending a specially crafted POST request to the openSIS messaging module... (Apr 3, 2025)
The Kubio AI Page Builder WordPress plugin has a Local File Inclusion vulnerability that allows unauthenticated attackers to include and execute arbit... (Mar 28, 2025)
A path traversal vulnerability in parisneo/lollms-webui version V12 allows attackers to create or delete arbitrary directories on the system by exploi... (Mar 20, 2025)
The Age Gate WordPress plugin contains a Local File Inclusion vulnerability that allows unauthenticated attackers to include and execute arbitrary PHP... (Mar 20, 2025)
Applio voice conversion tool versions 3.2.8-bugfix and prior contain an arbitrary file write vulnerability in inference.py that allows attackers to wr... (Mar 19, 2025)
This vulnerability allows unauthenticated attackers to perform Local File Inclusion (LFI) via the 'template' parameter in the HUSKY plugin for WordPre... (Mar 11, 2025)
This path traversal vulnerability in Proliz Software OBS allows attackers to access files outside the intended directory by manipulating file paths. I... (Mar 3, 2025)
This vulnerability in Extreme Networks XIQ-SE allows attackers to bypass access controls via path traversal, potentially gaining elevated privileges. ... (Feb 27, 2025)
The Keap Official Opt-in Forms WordPress plugin has a Local File Inclusion vulnerability that allows unauthenticated attackers to include PHP files on... (Feb 18, 2025)
The Campress WordPress theme contains a Local File Inclusion vulnerability that allows unauthenticated attackers to include and execute arbitrary PHP ... (Feb 13, 2025)
This vulnerability allows unauthenticated attackers to perform local file inclusion via the tabname parameter in the MultiVendorX WordPress plugin. At... (Jan 31, 2025)
The Bootstrap Ultimate WordPress theme contains a Local File Inclusion vulnerability that allows unauthenticated attackers to include arbitrary PHP fi... (Jan 24, 2025)
This vulnerability in Gogs allows a malicious user to commit a crafted symlink file to a repository, potentially gaining SSH access to the server. All... (Dec 23, 2024)
This vulnerability allows unauthenticated attackers to upload arbitrary files to Raisecom network devices via the web interface. Attackers can exploit... (Dec 17, 2024)
About Path Traversal (CWE-22)
Our database tracks 1,952 CVEs classified as CWE-22, with 439 rated critical and 974 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.6.
External reference: View CWE-22 on MITRE CWE →