CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,146)
CVE-2023-6015 is a path traversal vulnerability in MLflow that allows attackers to upload arbitrary files to any location on the server's filesystem. ...
Nov 16, 2023

This vulnerability is a path traversal flaw in MLeap's FileUtil.extract() function that allows attackers to write arbitrary files outside the intended...
Nov 15, 2023

CVE-2023-36667 is a directory traversal vulnerability in Couchbase Server that allows attackers to access files outside the intended directory. This a...
Nov 8, 2023

This CVE describes a path traversal vulnerability in Kyocera TASKalfa 4053ci printers that allows attackers to cause denial of service via specially c...
Nov 3, 2023

This vulnerability allows remote attackers to read arbitrary files on Peppermint Ticket Management servers through directory traversal in file downloa...
Oct 30, 2023

CVE-2023-27170 is a directory traversal vulnerability in Xpand IT Write-back manager v2.3.1 that allows attackers to access files outside the intended...
Oct 26, 2023

This vulnerability allows unauthenticated attackers to perform path traversal attacks in the 'Product Catalog Export PRO' module for PrestaShop. Attac...
Oct 25, 2023

CVE-2023-42488 is a path traversal vulnerability in EisBaer Scada software that allows attackers to access files outside the intended directory. This ...
Oct 25, 2023

Artifact Hub versions before 1.16.0 contain a path traversal vulnerability where symbolic links in git repositories can be exploited to read arbitrary...
Oct 19, 2023

A directory traversal vulnerability in Valve Counter-Strike 8684 allows clients with remote control access to read arbitrary files from the game serve...
Oct 15, 2023

This path traversal vulnerability in QNAP operating systems allows authenticated users to read arbitrary files outside intended directories via networ...
Oct 13, 2023

This vulnerability allows authenticated remote attackers to perform directory traversal attacks on Siemens CP-8031 and CP-8050 MASTER MODULE devices v...
Oct 10, 2023

CVE-2023-26152 is a directory traversal vulnerability in the static-server npm package that allows attackers to read arbitrary files outside the inten...
Oct 3, 2023

CVE-2023-42487 is a path traversal vulnerability in Soundminer that allows attackers to access files outside the intended directory. This affects syst...
Sep 27, 2023

CVE-2023-42280 is a directory traversal vulnerability in mee-admin 1.5 that allows attackers to read arbitrary files on the server. This affects syste...
Sep 21, 2023

CVE-2023-32558 allows attackers to bypass Node.js's experimental permission model using the deprecated process.binding() API, enabling path traversal ...
Sep 12, 2023

Jeecg Boot up to version 3.5.3 contains an arbitrary file read vulnerability in the /testConnection interface. This allows attackers to read sensitive...
Sep 8, 2023

CVE-2023-39584 is an arbitrary file read vulnerability in Hexo static site generator that allows attackers to read sensitive files from the server fil...
Sep 8, 2023

CVE-2023-4616 is a path traversal vulnerability in LG LED Assistant that allows unauthenticated remote attackers to read arbitrary files on the system...
Sep 4, 2023

CVE-2023-40827 is a path traversal vulnerability in pf4j plugin framework versions 3.9.0 and earlier that allows remote attackers to read arbitrary fi...
Aug 28, 2023

This CVE describes a directory traversal vulnerability in FileMage Gateway Windows deployments that allows remote attackers to read sensitive files on...
Aug 22, 2023

CVE-2023-39141 is a path traversal vulnerability in webui-aria2 that allows attackers to read arbitrary files on the server. This affects systems runn...
Aug 22, 2023

This directory traversal vulnerability in Zola's built-in web server allows attackers to read arbitrary files outside the webroot directory. Anyone us...
Aug 14, 2023

CVE-2023-39964 is an arbitrary file read vulnerability in 1Panel server management panel that allows attackers to read sensitive configuration files o...
Aug 10, 2023

This directory traversal vulnerability in Foswiki's SpreadSheetPlugin allows attackers to access files outside the intended directory structure. It af...
Aug 8, 2023

This vulnerability allows attackers to perform directory traversal attacks by exploiting insufficient parameter validation in Foswiki's Sandbox compon...
Aug 8, 2023

An unauthenticated path traversal vulnerability in ZKTeco BioTime's iclock API allows attackers to read arbitrary files on the system by sending speci...
Aug 3, 2023

CVE-2023-0956 is a path traversal vulnerability in TEL-STER TelWin SCADA WebInterface that allows unauthenticated attackers to read arbitrary files on...
Aug 3, 2023

An unauthenticated path traversal vulnerability in Suprema BioStar 2 allows attackers to read arbitrary files from the web server. This affects BioSta...
Aug 3, 2023

This CVE describes a path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 that allows unauthenticated attackers to read arbitrary files on the ...
Aug 3, 2023

This path traversal vulnerability in Tadiran Telecom Aeonix allows attackers to access files outside the intended directory by manipulating file paths...
Jul 30, 2023

CVE-2022-31457 is a directory traversal vulnerability in RTX TRAP v1.0 that allows attackers to access arbitrary files on the server by sending specia...
Jul 25, 2023

The Jupiter X Core WordPress plugin (premium version) contains a path traversal vulnerability that allows unauthenticated attackers to download arbitr...
Jul 21, 2023

This vulnerability allows unauthenticated attackers to perform path traversal attacks in the 'ultimateimagetool' PrestaShop module, enabling them to d...
Jul 20, 2023

Office Suite Premium v10.9.1.42602 contains a local file inclusion vulnerability via the /etc/hosts component. This allows attackers to read arbitrary...
Jul 20, 2023

This vulnerability in SteelSeries GG gaming software allows attackers to exploit an open API listener to create and execute malicious sub-applications...
Jul 20, 2023

CVE-2023-37474 is a path traversal vulnerability in Copyparty file server versions before 1.8.2 that allows attackers to access files outside the web ...
Jul 14, 2023

This path traversal vulnerability in Bullwark security systems allows attackers to access files outside the intended directory by manipulating file pa...
Jul 13, 2023

This CVE describes a path traversal vulnerability in FortiExtender management interfaces that allows unauthenticated remote attackers to read arbitrar...
Jul 11, 2023

CVE-2023-36827 is a path traversal vulnerability in Fides privacy engineering platform that allows remote attackers to read arbitrary files on the web...
Jul 5, 2023

This vulnerability allows remote attackers to read sensitive files on Gira KNX/IP-Router devices via directory traversal attacks in the web interface ...
Jun 29, 2023

CVE-2023-35843 is a path traversal vulnerability in NocoDB that allows unauthenticated attackers to access arbitrary files on the server by manipulati...
Jun 19, 2023

This vulnerability allows an attacker who controls external Suricata rules to perform directory traversal attacks, potentially writing arbitrary files...
Jun 19, 2023

This vulnerability in Lightdash allows attackers to perform directory traversal attacks through insecure file endpoints. Attackers can access arbitrar...
Jun 19, 2023

CVE-2023-34407 is a directory traversal vulnerability in Harbinger Offline Player's OfflinePlayerService.exe that allows attackers to access arbitrary...
Jun 5, 2023

CVE-2023-27639 is a directory traversal vulnerability in the tshirtecommerce (Custom Product Designer) component for PrestaShop that allows remote att...
Jun 1, 2023

A directory traversal vulnerability in Starlette web framework allows unauthenticated remote attackers to access files outside the intended web root d...
Jun 1, 2023

This directory traversal vulnerability in Mercury MAC1200R routers allows attackers to read arbitrary files on the device by manipulating web-static/ ...
May 29, 2023

CVE-2023-31861 is a directory traversal vulnerability in ZLMediaKit 4.0 that allows attackers to read arbitrary files outside the intended directory. ...
May 25, 2023

This vulnerability in PrestaShop's customexporter module allows attackers to bypass access controls and download sensitive files via the download.php ...
May 19, 2023

About Path Traversal (CWE-22)
Our database tracks 2,146 CVEs classified as CWE-22, with 506 rated critical and 1,098 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.
External reference: View CWE-22 on MITRE CWE →