CWE-22: Path Traversal

This directory traversal vulnerability in Vatilon v1.12.37-20240124 allows attackers to access sensitive files and directories outside the intended we...

A path traversal vulnerability in Qfiling allows remote attackers to read arbitrary files on the system by manipulating file paths. This affects all Q...

This vulnerability allows remote attackers to read arbitrary files on SOUND4 IMPACT/FIRST/PULSE/Eco devices without authentication by manipulating the...

CVE-2024-25183 is a directory traversal vulnerability in givanz VvvebJs 1.7.2 that allows attackers to read arbitrary files on the server via the scan...

NagiosXI 2026R1.0.1 build 1762361101 contains a directory traversal vulnerability in /admin/coreconfigsnapshots.php that allows attackers to access fi...

CVE-2023-53962 is an unauthenticated directory traversal vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x that allows remote attackers to write arb...

A path traversal vulnerability in Sharp Display Solutions projectors allows attackers to read arbitrary files on the device's filesystem. This affects...

CVE-2025-66905 is a path traversal vulnerability in the Takes web framework that allows remote attackers to read arbitrary files from the host system ...

This path traversal vulnerability in the WP Chill Filr WordPress plugin allows attackers to delete arbitrary files on the server. It affects all WordP...

This directory traversal vulnerability in RiteCMS v3.1.0 allows attackers to bypass access controls and read sensitive files on the server. Attackers ...

This CVE describes a local file inclusion vulnerability in RiteCMS v3.1.0 that allows attackers to read arbitrary files on the server through director...

This vulnerability in @vitejs/plugin-rsc allows unauthenticated attackers to read arbitrary files accessible to the Node.js process during development...

CVE-2024-58312 is an unauthenticated path traversal vulnerability in xbtitFM 4.1.18 that allows attackers to read sensitive system files by manipulati...

This CVE describes a directory traversal vulnerability in FearlessCMS that allows remote attackers to delete arbitrary directories via the plugin-hand...

This directory traversal vulnerability in FearlessCMS allows remote attackers to use the plugin-handler.php file with the file_get_contents() function...

This vulnerability in Barracuda Service Center allows unauthenticated attackers to read arbitrary files via path traversal in a .NET Remoting service....

The Hippoo Mobile App for WooCommerce WordPress plugin has a path traversal vulnerability that allows unauthenticated attackers to read arbitrary file...

This directory traversal vulnerability in NiceGUI allows remote attackers to read arbitrary files on the server filesystem by exploiting the App.add_m...

MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows unauthenticated attackers to read sensitive system files through the ...

The warehouse management system version 1.2 contains an arbitrary file read vulnerability via directory traversal. Attackers can exploit the /file/sho...

PublicCMS V5.202506.b contains a path traversal vulnerability in the doUploadSitefile method that allows attackers to write arbitrary files to uninten...

OneCommander 3.102.0.0 contains a directory traversal vulnerability in its ZIP file processing component that allows attackers to write files outside ...

A Local File Inclusion vulnerability in tQuadra CMS 4.2.1117 allows attackers to read arbitrary files from the server by exploiting improper input san...

AstrBot Project v3.5.22 contains a directory traversal vulnerability in the plugin upload interface. Attackers can upload files to arbitrary locations...

This vulnerability allows attackers to upload malicious configuration files that bypass directory traversal protections, leading to remote code execut...

This path traversal vulnerability in the WordPress Download Counter plugin allows attackers to download arbitrary files from the server by manipulatin...

A directory traversal vulnerability in NextChat's WebDAV proxy allows attackers to access sensitive files outside the intended directory by exploiting...

CVE-2025-3355 is a directory traversal vulnerability in IBM Tivoli Monitoring that allows remote attackers to read arbitrary files on the system by se...

This vulnerability allows unauthenticated attackers to read arbitrary files from the Windows operating system on affected MPDV Mikrolab systems. It af...

This vulnerability in Liferay Portal and DXP allows remote attackers to trigger denial of service attacks by exploiting the ComboServlet's lack of lim...

CVE-2025-34518 is a relative path traversal vulnerability in Ilevia EVE X1 Server firmware that allows attackers to read arbitrary files on the system...

This is a path traversal vulnerability (CWE-22) in Oracle Configurator within Oracle E-Business Suite that allows unauthenticated attackers to access ...

This path traversal vulnerability in AndSoft's e-TMS v25.03 allows attackers to access files within the web root directory by manipulating the 'docurl...

This path traversal vulnerability in Beyaz Computer CityPlus allows attackers to access files outside the intended directory by manipulating file path...

A path traversal vulnerability in SS1 Ver.16.0.0.10 and earlier allows remote unauthenticated attackers to view arbitrary files on the system. This af...

PerfreeBlog v4.0.11 contains a directory traversal vulnerability in the getThemeFilesByName function that allows attackers to read arbitrary files on ...

This path traversal vulnerability in Simple File List WordPress plugin allows attackers to download arbitrary files from the server by manipulating fi...

The Assistant for NextGEN Gallery WordPress plugin has an unauthenticated directory deletion vulnerability in its REST API endpoint. Attackers can del...

Omnissa Workspace ONE UEM contains a path traversal vulnerability in secondary context paths that allows attackers to access restricted API endpoints ...

This CVE describes a directory traversal vulnerability in ViewVC's standalone.py script that allows attackers to read arbitrary files from the host se...

This vulnerability allows administrators in Apache Jena Fuseki to create database files outside the designated files area, potentially enabling path t...

The Simple Backup WordPress plugin allows attackers to download any file from the server without authentication due to missing security checks. This a...

This vulnerability is an incomplete fix for CVE-2025-23084 in Node.js that allows path traversal attacks when using Windows device names like CON, PRN...

This path traversal vulnerability in the LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon WordPress plugin allows attackers to download a...

This path traversal vulnerability in the Easy Video Player WordPress & WooCommerce plugin allows attackers to download arbitrary files from the server...

This vulnerability allows unauthenticated remote attackers to perform directory traversal attacks on Marvell QConvergeConsole installations. Attackers...

This vulnerability allows remote attackers to read sensitive files on Marvell QConvergeConsole installations without authentication. Attackers can exp...

This vulnerability allows unauthenticated remote attackers to read arbitrary files on Marvell QConvergeConsole installations via directory traversal. ...

This vulnerability allows unauthenticated remote attackers to read arbitrary files on systems running Marvell QConvergeConsole. Attackers can exploit ...

This vulnerability allows unauthenticated remote attackers to perform directory traversal attacks on Marvell QConvergeConsole installations. By exploi...