CWE-22: Path Traversal

The MIPL WC Multisite Sync WordPress plugin contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files...

The Error Log Viewer By WP Guru WordPress plugin contains an unauthenticated arbitrary file read vulnerability. Attackers can exploit this to read any...

A path traversal vulnerability in Kurmi Provisioning Suite's DocServlet servlet allows remote attackers to read any file from the web application inst...

Spring applications using WebMvc.fn or WebFlux.fn functional web frameworks to serve static resources are vulnerable to path traversal attacks. Attack...

This path traversal vulnerability in the WP Cookies Enabler WordPress plugin allows attackers to include local PHP files via directory traversal seque...

This CVE describes a path traversal vulnerability in the Sogrid WordPress plugin that allows attackers to include local PHP files via improper pathnam...

This vulnerability allows attackers to perform directory traversal attacks in Syncfusion Essential Studio for ASP.NET MVC's File Manager component. By...

CVE-2024-55657 is an arbitrary file read vulnerability in SiYuan personal knowledge management systems. Attackers can exploit the unvalidated path par...

This path traversal vulnerability in Lenxel Core for Lenxel(LNX) LMS allows attackers to read arbitrary files on the server by manipulating file paths...

The WP Hide & Security Enhancer WordPress plugin has a vulnerability that allows unauthenticated attackers to delete arbitrary files on the server due...

Favorites-web 1.3.0 has a directory traversal vulnerability in SecurityFilter.java that allows attackers to access files outside the intended director...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to include and execute arbitrary PHP files on Windows ...

This path traversal vulnerability in the Jobify WordPress theme allows unauthenticated attackers to read arbitrary files on the server by manipulating...

This path traversal vulnerability in Sharp and Toshiba multifunction printers allows attackers to access arbitrary files on the affected devices by ma...

The MP3 Sticky Player plugin for WordPress has a directory traversal vulnerability in the content/downloader.php file, allowing unauthenticated attack...

This directory traversal vulnerability in Allegra's serveMathJaxLibraries method allows unauthenticated remote attackers to read arbitrary files on th...

This CVE describes a path traversal vulnerability in the WordPress Bootscraper plugin, allowing attackers to include local PHP files via improper path...

This vulnerability allows unauthenticated attackers to read arbitrary files on WordPress servers running the vulnerable PDF Generator Addon for Elemen...

This path traversal vulnerability in the DigiPass WordPress plugin allows attackers to download arbitrary files from the server by manipulating file p...

The LUNA RADIO PLAYER WordPress plugin contains a directory traversal vulnerability in its js/fallback.php file that allows unauthenticated attackers ...

This vulnerability in Ollama allows attackers to discover which files exist on the server via path traversal in the api/push route. It affects all dep...

This vulnerability allows authenticated users of ZimaOS to read arbitrary files on the system by manipulating the 'files' parameter in the API endpoin...

Nginx UI v2.0.0-beta.35 and earlier contains a path traversal vulnerability that allows attackers to write arbitrary files to the server by manipulati...

A path traversal vulnerability in binary-husky/gpt_academic version 3.83 allows attackers to read arbitrary files on the host system by manipulating t...

This path traversal vulnerability in the SSV MailChimp WordPress plugin allows attackers to include local PHP files through improper path validation. ...

This vulnerability allows attackers to perform path traversal attacks in the WordPress WPOptin plugin, enabling local file inclusion of PHP files. Att...

This path traversal vulnerability in the MaxSlider WordPress plugin allows attackers to read arbitrary files on the server by manipulating file paths....

SolarWinds Serv-U contains a directory traversal vulnerability that allows authenticated users to access files outside intended directories. When comb...

SHIRASAGI CMS versions before 1.19.1 have a path traversal vulnerability that allows attackers to read arbitrary files on the server by sending specia...

CVE-2024-47877 is a path traversal vulnerability in the Extract Go library that allows attackers to create symbolic links outside the intended extract...

This path traversal vulnerability in the WP Timeline plugin allows attackers to include arbitrary PHP files from the server, potentially leading to re...

This CVE describes a path traversal vulnerability in the Podiant WordPress plugin that allows attackers to include local PHP files through improper pa...

This vulnerability allows attackers to read arbitrary files on the server through path traversal in the WP Ticket Ultra WordPress plugin. It affects a...

This CVE describes a path traversal vulnerability in the VR Calendar WordPress plugin that allows attackers to include local PHP files via improper pa...

An unauthenticated directory traversal vulnerability in Veertu Anka Build's archive functionality allows attackers to access sensitive files outside i...

A path traversal vulnerability in E2Nest allows attackers to read arbitrary files on the server by manipulating file paths. This affects all E2Nest de...

eNMS versions 4.4.0 through 4.7.1 contain a directory traversal vulnerability in the scan_folder function that allows attackers to read arbitrary file...

CVE-2024-46645 is a directory traversal vulnerability in eNMS 4.0.0 that allows attackers to read arbitrary files on the server via the get_tree_files...

CVE-2024-8752 is a directory traversal vulnerability in WebIQ 2.15.9 for Windows that allows remote attackers to read arbitrary files on the system. T...

Spring applications using RouterFunctions to serve static resources with FileSystemResource locations are vulnerable to path traversal attacks. This a...

This path traversal vulnerability in Vidco Software VOC TESTER allows attackers to access files outside the intended directory by manipulating file pa...

CVE-2024-44867 is an arbitrary file read vulnerability in phpok v3.0 that allows attackers to read sensitive files on the server through the /autoload...

SeaCMS v13.1 contains an arbitrary file read vulnerability in admin_safe.php that allows attackers to read sensitive files on the server. This affects...

This path traversal vulnerability in DataFlowX Technology's DataDiodeX allows attackers to access files outside the intended directory by manipulating...

A path traversal vulnerability in stripe-cli allows attackers to overwrite arbitrary files on the system when installing plugins with malformed shortn...

This CVE describes a path traversal vulnerability in CentralSquare CryWolf's GeneralDocs.aspx file that allows unauthenticated attackers to read files...

A path traversal vulnerability in OpenText CX-E Voice allows attackers to access arbitrary files on the system by manipulating file paths. This affect...

This vulnerability allows attackers to perform directory traversal attacks through the downloader.php component in TOSEI online store management syste...

This path traversal vulnerability in the Ultimate Bootstrap Elements for Elementor WordPress plugin allows attackers to include local PHP files throug...

CVE-2024-42485 is a path traversal vulnerability in Filament Excel that allows unauthenticated attackers to download arbitrary files from the server v...