CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,146)
This vulnerability allows attackers to read arbitrary files on systems using the affected llama_index library by exploiting symbolic link handling in ...
Jul 7, 2025

A path traversal vulnerability in Infinera G42's WebGUI HTTP endpoint allows authenticated remote users to download any readable files from the operat...
Jul 2, 2025

A path traversal vulnerability in HPE Insight Remote Support (IRS) allows attackers to access files outside the intended directory by manipulating fil...
Jul 1, 2025

A path traversal vulnerability in WeiPHP 5.0 allows unauthenticated remote attackers to read arbitrary files on the server by sending crafted POST req...
Jun 26, 2025

A path traversal vulnerability in Moodle LMS Jmol plugin versions 6.1 and earlier allows unauthenticated attackers to read arbitrary files from the se...
Jun 24, 2025

An unauthenticated path traversal vulnerability in Mitel OpenScape Xpressions WebApl component allows attackers to read arbitrary files from the under...
Jun 23, 2025

PHPGurukul Pre-School Enrollment System V1.0 contains a directory traversal vulnerability in update-teacher-pic.php that allows attackers to read arbi...
Jun 23, 2025

This path traversal vulnerability in the Spreadsheet Price Changer WordPress plugin allows attackers to download arbitrary files from the server by ma...
Jun 9, 2025

This vulnerability in Python's tarfile module allows attackers to bypass extraction filters, enabling symlink attacks that can write files outside the...
Jun 3, 2025

A directory traversal vulnerability in WebLaudos 24.2 (04) allows remote attackers to access sensitive files outside the intended directory structure ...
Jun 2, 2025

An unauthenticated remote attacker can exploit this absolute path traversal vulnerability in AP Page Builder to modify configuration files and read ar...
May 8, 2025

The Mayosis Core WordPress plugin contains an arbitrary file read vulnerability in all versions up to 5.4.1. Unauthenticated attackers can exploit thi...
Apr 25, 2025

PHPGurukul Pre-School Enrollment System contains a directory traversal vulnerability in manage-teachers.php that allows attackers to access files outs...
Apr 16, 2025

This vulnerability in tar-fs allows attackers to write files outside the intended extraction directory when processing malicious tar archives. It affe...
Mar 27, 2025

This path traversal vulnerability in the WpEvently WordPress plugin allows attackers to include arbitrary PHP files from the server, potentially leadi...
Mar 27, 2025

An unauthenticated directory traversal vulnerability in Polyaxon allows attackers to access sensitive files and directory information without authenti...
Mar 20, 2025

A path traversal vulnerability in modelscope/agentscope v0.0.4 allows attackers to read arbitrary files on the server by manipulating the 'path' param...
Mar 20, 2025

This vulnerability allows arbitrary file deletion on systems running the aim tracking server. An attacker can craft a glob-pattern to delete files out...
Mar 20, 2025

A local file inclusion vulnerability in netease-youdao/qanything v2.0.0 allows attackers to read arbitrary files on the file system. This can lead to ...
Mar 20, 2025

A local file inclusion vulnerability in haotian-liu/llava's Gradio web UI allows attackers to read arbitrary files on the server by sending specially ...
Mar 20, 2025

This path traversal vulnerability in Softdial Contact Center allows attackers to manipulate the 'id' parameter in the '/softdial/scheduler/load.php' e...
Mar 18, 2025

This path traversal vulnerability in GL-INet Beryl AX GL-MT3000 routers allows attackers to download arbitrary files from the device's file system by ...
Mar 17, 2025

This vulnerability allows attackers to download arbitrary files from GL-INet Beryl AX GL-MT3000 routers by exploiting symbolic link manipulation on ex...
Mar 17, 2025

The DesignThemes Core Features WordPress plugin contains a file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files ...
Mar 5, 2025

This vulnerability in SUCMS v1.0 allows attackers to perform directory traversal and delete arbitrary files via crafted GET requests to admin_template...
Feb 27, 2025

This path traversal vulnerability in the Estatik WordPress plugin allows attackers to include arbitrary local PHP files, potentially leading to remote...
Feb 25, 2025

This path traversal vulnerability in VideoWhisper Live Streaming Integration allows attackers to download arbitrary files from the server by manipulat...
Feb 25, 2025

A path traversal vulnerability in GHOSTS version 8.0.0.0 allows attackers to read arbitrary files from the server's filesystem by exploiting the photo...
Feb 19, 2025

CVE-2025-25997 is a directory traversal vulnerability in FeMiner wms v1.0 that allows remote attackers to access sensitive files outside the intended ...
Feb 14, 2025

A directory traversal vulnerability in yeqifu carRental v1.0 allows remote attackers to access sensitive files outside the intended directory via the ...
Feb 12, 2025

This CVE describes a path traversal vulnerability in Adobe Commerce that allows unauthenticated attackers to modify files outside restricted directori...
Feb 11, 2025

A path traversal vulnerability in AudioCodes One Voice Operations Center (OVOC) allows unauthenticated attackers to read sensitive data. This affects ...
Feb 7, 2025

This path traversal vulnerability in the efreja Music Sheet Viewer WordPress plugin allows attackers to read arbitrary files on the server by manipula...
Feb 7, 2025

This path traversal vulnerability in the WordPress Plugin A/B Image Optimizer allows attackers to download arbitrary files from the server by manipula...
Feb 7, 2025

ChestnutCMS versions 1.5.0 and earlier contain a directory traversal vulnerability in the FileController component that allows attackers to access arb...
Feb 3, 2025

A directory traversal vulnerability in Zrlog backup-sql-file.jar v3.0.31 allows remote attackers to read arbitrary files on the server by manipulating...
Feb 3, 2025

This path traversal vulnerability in the PDF Generator Addon for Elementor Page Builder WordPress plugin allows attackers to read arbitrary files on t...
Feb 3, 2025

This path traversal vulnerability in the WP Cloud WordPress plugin allows attackers to delete arbitrary files on the server by manipulating file paths...
Feb 3, 2025

This vulnerability in OpenPanel v0.3.4 allows attackers to perform directory traversal attacks through the File Manager's Copy and View functions. Att...
Jan 31, 2025

The Music Sheet Viewer WordPress plugin contains an arbitrary file read vulnerability that allows unauthenticated attackers to read any file on the se...
Jan 30, 2025

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to perform Local File Inclusion attacks via the 'theme...
Jan 24, 2025

This path traversal vulnerability in the WordPress Store Locator plugin allows attackers to include arbitrary local PHP files through improper path va...
Jan 24, 2025

CVE-2024-13180 is a path traversal vulnerability in Ivanti Avalanche that allows remote unauthenticated attackers to access sensitive files and inform...
Jan 14, 2025

This directory traversal vulnerability in Pat Infinite Solutions HelpdeskAdvanced allows attackers to access files outside the intended directory via ...
Jan 13, 2025

This directory traversal vulnerability in Pat Infinite Solutions HelpdeskAdvanced allows attackers to access arbitrary files on the server by manipula...
Jan 13, 2025

This vulnerability allows attackers to perform directory traversal attacks through the Email/SaveAttachment function in Pat Infinite Solutions Helpdes...
Jan 13, 2025

This vulnerability allows attackers to perform directory traversal attacks through the WSCView/Save function in Pat Infinite Solutions HelpdeskAdvance...
Jan 13, 2025

This CVE describes a path traversal vulnerability in ClipBucket V5's avatar upload feature. Attackers can delete arbitrary files on the server by mani...
Jan 7, 2025

This vulnerability in ClipBucket V5 allows unauthenticated attackers to perform directory traversal attacks to change the template directory, leading ...
Jan 7, 2025

This path traversal vulnerability in Classic Addons for WPBakery Page Builder allows attackers to include arbitrary PHP files from the server's filesy...
Jan 7, 2025

About Path Traversal (CWE-22)
Our database tracks 2,146 CVEs classified as CWE-22, with 506 rated critical and 1,098 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.
External reference: View CWE-22 on MITRE CWE →