CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,141)
This vulnerability in LCDS LAquis SCADA allows attackers to bypass security controls and write arbitrary files to the operating system through path tr... (Oct 4, 2021)
This vulnerability allows remote code execution through path traversal in Schneider Electric's IGSS Definition software. Attackers can exploit it by t... (Jun 11, 2021)
This vulnerability allows attackers to exploit directory traversal and buffer overflow flaws in yTNEF and Evolution's TNEF parser when processing spec... (May 26, 2021)
CVE-2021-27030 is a directory traversal vulnerability in Autodesk FBX Review that allows remote code execution when a user opens a malicious FBX file.... (Apr 19, 2021)
This directory traversal vulnerability in Luxion KeyShot products allows attackers to place malicious scripts in system startup folders by tricking us... (Feb 23, 2021)
This CVE describes a path traversal vulnerability in Adobe Acrobat Reader DC that allows arbitrary code execution. An unauthenticated attacker can exp... (Feb 11, 2021)
This CVE describes a path traversal vulnerability in HPE Apollo 70 System BMC firmware that allows attackers to delete arbitrary files on the system. ... (Feb 8, 2021)
This CVE describes a local path traversal vulnerability in the Baseboard Management Controller (BMC) firmware of specific HPE Cloudline servers. An at... (Jan 29, 2021)
This CVE describes a path traversal vulnerability in the Baseboard Management Controller (BMC) firmware of specific HPE Cloudline servers. It allows l... (Jan 29, 2021)
This CVE describes a path handling vulnerability in Apple operating systems that allows local attackers to elevate privileges through improper validat... (Dec 8, 2020)
This vulnerability allows attackers to elevate privileges on Windows systems by exploiting how Windows Error Reporting (WER) handles and executes file... (May 21, 2020)
This path traversal vulnerability in the WordPress User Extra Fields plugin allows attackers to delete arbitrary files on the server. It affects all W... (Feb 20, 2026)
This path traversal vulnerability in the Woo File Dropzone WordPress plugin allows attackers to delete arbitrary files on the server. It affects all W... (Feb 20, 2026)
This vulnerability in Weblate allows attackers to read arbitrary files from the server file system by exploiting crafted symbolic links in repositorie... (Dec 18, 2025)
This path traversal vulnerability in SeaTheme BM Content Builder WordPress plugin allows attackers to delete arbitrary files on the server. It affects... (Sep 26, 2025)
Soft Serve versions 0.9.1 and below contain a path traversal vulnerability (CWE-22) in the SSH API that allows attackers to create or overwrite arbitr... (Sep 4, 2025)
This path traversal vulnerability in the UPC/EAN/GTIN Code Generator WordPress plugin allows attackers to delete arbitrary files on the server. It aff... (Aug 28, 2025)
CVE-2024-39399 is a path traversal vulnerability in Adobe Commerce that allows low-privileged attackers to read arbitrary files from the server's file... (Aug 14, 2024)
This vulnerability allows attackers to read arbitrary files from a Salt master's filesystem by exploiting a directory traversal flaw in the Salt file ... (Jun 27, 2024)
This CVE describes a Path Traversal and Remote File Inclusion vulnerability in the parisneo/lollms-webui application that allows attackers to manipula... (Jun 25, 2024)
This CVE describes a directory traversal vulnerability in KasmVNC that allows authenticated remote attackers to access files and directories outside t... (Jun 17, 2024)
This path traversal vulnerability in the Lenderd 1003 Mortgage Application WordPress plugin allows attackers to access files outside the intended dire... (May 17, 2024)
A path traversal vulnerability in the 'getAllFolderContents' function of GE HealthCare's Common Service Desktop component allows attackers to access f... (May 14, 2024)
CVE-2024-3783 is a path traversal vulnerability in WBSAirback 21.02.04 that allows low-privileged users to download arbitrary files from the system. T... (Apr 15, 2024)
This path traversal vulnerability in the WordPress WP Poll Maker plugin allows authenticated users with subscriber-level access to delete arbitrary fi... (Apr 10, 2024)
This CVE describes a code injection vulnerability in gin-vue-admin's plugin template feature where attackers can perform directory traversal via the p... (Apr 9, 2024)
This vulnerability allows authenticated Umbraco backoffice users with package creation permissions to perform path traversal attacks, enabling them to... (Dec 12, 2023)
This path traversal vulnerability in QNAP Music Station allows authenticated users to access files outside the intended directory by manipulating file... (Oct 6, 2023)
CVE-2023-42462 is a path traversal vulnerability in GLPI's document upload functionality that allows attackers to delete arbitrary files on the server... (Sep 27, 2023)
This path traversal vulnerability in M-Files Classic Web allows authenticated users to access restricted files on the web server by manipulating file ... (Aug 25, 2023)
This vulnerability in TIBCO EBX Add-ons allows authenticated low-privileged users to read system files accessible to the web server. It affects organi... (May 25, 2023)
This path traversal vulnerability in Synology DNS Server allows authenticated remote attackers to delete arbitrary files on the system. It affects Syn... (Jul 28, 2022)
Argo CD versions 1.3.0 through 2.3.0 contain a path traversal vulnerability combined with improper access control. This allows authenticated users wit... (Mar 23, 2022)
This vulnerability allows attackers to craft malicious files that exploit path traversal when opened in Rockwell Automation Connected Components Workb... (Mar 23, 2022)
This vulnerability in Argo CD allows attackers to perform directory traversal attacks through malicious Helm charts, potentially accessing sensitive f... (Feb 4, 2022)
This vulnerability in Nimforum allows any authenticated user to create posts or threads that include local file references, which the server will rend... (Feb 1, 2022)
Flatpak versions before 1.12.3 and 1.10.6 contain a path traversal vulnerability in flatpak-builder when using the --mirror-screenshots-url option. Th... (Jan 13, 2022)
CVE-2021-41152 is a path traversal vulnerability in OpenOlat that allows authenticated users to read arbitrary files on the server by manipulating HTT... (Oct 18, 2021)
CVE-2021-37200 is a path traversal vulnerability in Siemens SINEC NMS that allows authenticated attackers to download arbitrary files from the underly... (Sep 14, 2021)
CVE-2020-26279 is a path traversal vulnerability in go-ipfs that allows attackers to overwrite files or write to incorrect directories when retrieving... (Mar 24, 2021)
A local file inclusion vulnerability in Advantech WebAccess/SCADA 9.0.1 allows authenticated attackers to read arbitrary files on the system. This aff... (Feb 17, 2021)
CVE-2021-21251 is a path traversal vulnerability in OneDev's TarUtils library that allows authenticated attackers to write arbitrary files anywhere on... (Jan 15, 2021)
This CVE describes a directory traversal vulnerability in the Simple Job Board WordPress plugin that allows authenticated attackers to read arbitrary ... (Jan 15, 2021)
This CVE describes a directory traversal vulnerability in spring-boot-actuator-logview library versions before 0.2.13. Attackers can exploit insuffici... (Jan 5, 2021)
This vulnerability allows authenticated users with log download permissions in tgstation-server to perform directory traversal attacks, enabling them ... (Jul 31, 2020)
This vulnerability in Tiny File Manager 2.4.1 allows authenticated users to create backup copies of files with .bak extension outside their intended d... (Apr 28, 2020)
This vulnerability allows a privileged user in IBM WebSphere Application Server Liberty to upload a zip archive containing path traversal sequences, w... (Feb 2, 2026)
CVE-2026-25116 is an unauthenticated path traversal vulnerability in Runtipi homeserver orchestrator that allows remote attackers to overwrite the doc... (Jan 29, 2026)
This path traversal vulnerability in the Workreap WordPress theme plugin allows attackers to delete arbitrary files on the server by manipulating file... (Oct 22, 2025)
This SSRF/LFI vulnerability in LLaMA-Factory allows authenticated users to make arbitrary HTTP requests to internal/external networks and read arbitra... (Oct 7, 2025)
About Path Traversal (CWE-22)
Our database tracks 2,141 CVEs classified as CWE-22, with 506 rated critical and 1,093 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.
External reference: View CWE-22 on MITRE CWE →