CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,141)
Sep 9, 2025: The NVIDIA NVDebug tool contains an improper path validation vulnerability (CWE-22) that allows attackers to write files to restricted system component...
Jun 10, 2025: SAP NetWeaver Visual Composer has a directory traversal vulnerability where high-privileged users can manipulate input paths to access arbitrary files...
Jan 23, 2025: A vulnerability in Xerox Workplace Suite allows attackers to read, upload, and delete arbitrary files on the server by manipulating HTTP headers. This...
Dec 10, 2024: This vulnerability in PwnDoc allows authenticated users with template update/download permissions to perform path traversal attacks by injecting '../'...
Oct 7, 2024: This vulnerability allows authenticated attackers to execute arbitrary code on affected Xerox FreeFlow Core systems via path traversal. Attackers can ...
Jul 22, 2024: CVE-2020-24102 is a directory traversal vulnerability in Punkbuster's pbsv.d64 component that allows remote attackers to read arbitrary files and pote...
Jul 17, 2024: CVE-2024-23474 is a vulnerability in SolarWinds Access Rights Manager that allows attackers to delete arbitrary files and disclose sensitive informati...
Jul 17, 2024: CVE-2024-23468 is a directory traversal vulnerability in SolarWinds Access Rights Manager that allows unauthenticated attackers to delete arbitrary fi...
May 17, 2024: This vulnerability allows unauthenticated attackers to perform path traversal attacks, leading to local file inclusion in WordPress sites using the Ph...
May 17, 2024: This vulnerability allows attackers to read arbitrary files on the server through path traversal in the WooCommerce One Page Checkout plugin. It affec...
May 17, 2024: This path traversal vulnerability in Rank Math SEO WordPress plugin allows attackers to read arbitrary files on the server by manipulating file paths....
Apr 9, 2024: This vulnerability in SINEC NMS allows authenticated users to exploit a path traversal flaw in the monitoring data export API endpoint. Attackers can ...
Sep 21, 2023: This vulnerability allows remote attackers to execute arbitrary code on Windows systems running vulnerable Eclipse RAP versions. Attackers can exploit...
Mar 1, 2022: CVE-2022-24718 is a path traversal vulnerability in ssr-pages, an HTML page builder for server-side rendering. When untrusted input is passed to the '...
Mar 6, 2026: Easyndexer 1.0 contains an unauthenticated arbitrary file download vulnerability that allows attackers to retrieve sensitive system files by manipulat...
Mar 6, 2026: This CVE describes a path traversal vulnerability in Talishar, a fan-made Flesh and Blood project, where the ParseGamestate.php component can be acces...
Mar 5, 2026: OpenClaw versions before 2026.2.13 contain a path traversal vulnerability in browser control API endpoints that handle trace and download files. Attac...
Feb 26, 2026: The WP Responsive Images WordPress plugin contains a path traversal vulnerability in the 'src' parameter that allows unauthenticated attackers to read...
Feb 24, 2026: A path traversal vulnerability in Fiber's static middleware on Windows allows remote attackers to bypass sanitization and read arbitrary files from th...
Feb 21, 2026: GetSimple CMS has a path traversal vulnerability in its Uploaded Files feature that allows attackers to read arbitrary files on the server. This affec...
Feb 19, 2026: OpenClaw's Feishu extension had a path traversal vulnerability that allowed reading arbitrary local files by supplying attacker-controlled paths. This...
Feb 19, 2026: An authenticated user with team edit permissions in Penpot can read arbitrary files from the server filesystem by exploiting a path traversal vulnerab...
Feb 18, 2026: CVE-2019-25355 is a directory traversal vulnerability in gSOAP 2.8 that allows unauthenticated attackers to access sensitive system files by manipulat...
Feb 18, 2026: CVE-2026-23491 is a path traversal vulnerability in InvoicePlane that allows unauthenticated attackers to read arbitrary files on the server by manipu...
Feb 18, 2026: This vulnerability in Rack's Rack::Directory component allows attackers to bypass directory restrictions using path traversal techniques. By crafting ...
Feb 13, 2026: This vulnerability in BACnet Stack allows attackers to write files to arbitrary directories due to lack of path validation in file writing functionali...
Feb 12, 2026: An unauthenticated attacker can exploit this vulnerability by manipulating URLs to read arbitrary files from the Valmet DNA Web Tools server. This aff...
Feb 11, 2026: This CVE describes a path handling vulnerability (CWE-22) in multiple Apple operating systems and Safari that allows a remote attacker to write arbitr...
Feb 11, 2026: CVE-2020-37214 is a directory traversal vulnerability in Voyager 1.3.0 that allows attackers to read sensitive system files by manipulating the asset ...
Feb 11, 2026: A directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to access sensitive files or delete arbitrary files by manipulating input to ...
Feb 9, 2026: This vulnerability allows unauthenticated remote attackers to bypass authentication by exploiting insufficient URI validation. Attackers can use path ...
Feb 6, 2026: This vulnerability in NiceGUI allows attackers to perform path traversal attacks by uploading files with malicious filenames containing '../' sequence...
Feb 4, 2026: This vulnerability in the Terraform/OpenTofu Proxmox provider allows attackers to escape restricted directories via path traversal (../) in SSH config...
Jan 30, 2026: CVE-2020-37041 is a directory traversal vulnerability in OpenCTI 3.3.1 that allows unauthenticated attackers to read arbitrary files from the server f...
Jan 24, 2026: CVE-2026-24469 is a path traversal vulnerability in C++ HTTP Server versions 1.0 and below that allows unauthenticated remote attackers to read arbitr...
Jan 22, 2026: This path traversal vulnerability in the Hostme v2 WordPress theme allows attackers to delete arbitrary files on the server by manipulating file paths...
Jan 21, 2026: Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted...
Jan 19, 2026: SiYuan personal knowledge management system versions before 3.5.4 contain a path traversal vulnerability in the markdown feature's HTML rendering. Thi...
Jan 18, 2026: A path traversal vulnerability in esm.sh CDN allows attackers to write arbitrary files outside intended directories by exploiting absolute paths in ma...
Jan 15, 2026: This directory traversal vulnerability in Omnispace Agora Project allows unauthenticated attackers to read arbitrary files with extensions from the se...
Jan 15, 2026: CVE-2021-47755 is a path traversal vulnerability in Oliver Library Server v5 that allows unauthenticated attackers to download arbitrary files from th...
Jan 14, 2026: This vulnerability allows a local user on a Windows system to manipulate the Harmony SASE client to write or delete files outside its intended certifi...
Jan 13, 2026: Kyocera Command Center RX ECOSYS M2035dn has a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files ...
Jan 13, 2026: This directory traversal vulnerability in Eptura Archibus allows attackers to access files outside the intended directory through the 'Run script' and...
Jan 9, 2026: This vulnerability in Yonyou YonBIP allows attackers to bypass normal directory restrictions via path traversal in the LoginWithV8 interface, potentia...
Jan 7, 2026: This path traversal vulnerability in MediaWiki's CSS extension allows attackers to read arbitrary files on the server by manipulating file paths. It a...
Jan 7, 2026: The Yoco Payments WordPress plugin contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files on the server...
Jan 5, 2026: This CVE describes a path traversal vulnerability in Frappe web framework that allows attackers to read arbitrary files from the server due to insuffi...
Jan 2, 2026: This directory traversal vulnerability in Vatilon v1.12.37-20240124 allows attackers to access sensitive files and directories outside the intended we...
Jan 2, 2026: A path traversal vulnerability in Qfiling allows remote attackers to read arbitrary files on the system by manipulating file paths. This affects all Q...
About Path Traversal (CWE-22)
Our database tracks 2,141 CVEs classified as CWE-22, with 506 rated critical and 1,093 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.
External reference: CWE-22 on MITRE CWE