CWE-22: Path Traversal

This directory traversal vulnerability in Mercury MAC1200R routers allows attackers to read arbitrary files on the device by manipulating web-static/ ...

CVE-2023-31861 is a directory traversal vulnerability in ZLMediaKit 4.0 that allows attackers to read arbitrary files outside the intended directory. ...

This vulnerability in PrestaShop's customexporter module allows attackers to bypass access controls and download sensitive files via the download.php ...

CVE-2023-26126 is a directory traversal vulnerability in the m.static npm package that allows attackers to read arbitrary files on the server by manip...

This path traversal vulnerability in Ivanti Avalanche allows attackers to access arbitrary files on the server by manipulating file path parameters. I...

This path traversal vulnerability in WJJ Software's InnoKB Server and InnoKB/Console allows attackers to access files outside the intended directory b...

CVE-2023-32235 is a directory traversal vulnerability in Ghost CMS that allows remote attackers to read arbitrary files within the active theme's fold...

This vulnerability allows attackers to perform directory traversal attacks on the Digital Receptie virtual reception software's embedded web server. B...

CVE-2022-48482 is a directory traversal vulnerability in 3CX phone management software that allows unauthenticated remote attackers to read sensitive ...

This vulnerability allows attackers to perform directory traversal attacks via crafted tar archives in Cauldron cbang's tar extraction functionality. ...

CVE-2023-25652 is a path traversal vulnerability in Git's `git apply --reject` command that allows attackers to write partially controlled content to ...

CVE-2023-30620 is a path traversal vulnerability in mindsdb's tarball extraction that allows attackers to write files to arbitrary locations on the se...

This path traversal vulnerability in Progress Flowmon Packet Investigator allows authenticated users to access arbitrary files on the local filesystem...

This vulnerability allows remote attackers to read arbitrary files on the server through a Local File Inclusion flaw in the test.php file of the sprea...

CVE-2022-34126 is a directory traversal vulnerability in the Activity plugin for GLPI that allows attackers to read local files on the server. This af...

CVE-2023-26969 is a directory traversal vulnerability in Atropim 1.5.26 that allows attackers to access files outside the intended directory. This aff...

CVE-2023-26820 is a path traversal vulnerability in siteproxy v1.0 that allows attackers to read arbitrary files on the server by manipulating file pa...

This vulnerability in Delta Electronics InfraSuite Device Master allows attackers to bypass authentication and retrieve sensitive system files and cre...

CVE-2023-25803 is a directory traversal vulnerability in Roxy-WI web interface that allows attackers to read arbitrary server-side files. This affects...

This vulnerability allows attackers to perform directory traversal attacks on web servers using @nubosoftware/node-static or node-static packages. By ...

CVE-2022-47762 is a path traversal vulnerability in gin-vue-admin's download module that allows attackers to read arbitrary files from the server file...

Serenissima Informatica Fast Checkin 1.0 contains a directory traversal vulnerability (CWE-22) that allows attackers to access files outside the inten...

This vulnerability in QR Code Generator v5.2.7 allows attackers to perform directory traversal through the process.php component. Attackers can read a...

This vulnerability allows attackers to read arbitrary files on the server through absolute path traversal in the piaoyunsoft/bt_lnmp repository. It af...

CVE-2022-35410 is a path traversal vulnerability in mat2 (metadata anonymization toolkit) that allows attackers to access sensitive files outside the ...

This vulnerability in Jenkins Pipeline: Input Step Plugin allows attackers with Pipeline configuration permissions to write arbitrary files on the Jen...

The Jenkins Embeddable Build Status Plugin before version 2.0.4 has a path traversal vulnerability that allows attackers without proper permissions to...

This path traversal vulnerability in Devolutions Remote Desktop Manager allows attackers to create or overwrite arbitrary files on the system by manip...

CVE-2022-31372 is a path traversal vulnerability in Wiris Mathtype v7.28.0 that allows attackers to access arbitrary files on the server by manipulati...

CVE-2022-24278 is a directory traversal vulnerability in convert-svg-core that allows attackers to read arbitrary files on the server by uploading spe...

CVE-2022-23082 is a path traversal vulnerability in CureKit versions v1.0.1 through v1.1.3 where the isFileOutsideDir function fails to properly sanit...

This vulnerability in ginadmin allows attackers to perform directory traversal attacks by manipulating path inputs without proper filtering. It affect...

MasaCMS 7.2.1 contains a path traversal vulnerability in the image asset API endpoint that allows attackers to read arbitrary files from the server fi...

This CVE describes a path traversal vulnerability in Sinatra web framework versions before 2.2.0. It allows attackers to bypass directory restrictions...

CVE-2022-29967 is a directory traversal vulnerability in Glewlwyd's static_compressed_inmemory_website_callback.c component that allows attackers to a...

This vulnerability allows unauthenticated attackers to perform directory traversal attacks on Franklin Fueling Systems TS-550 evo devices, potentially...

CVE-2021-35250 is a directory traversal vulnerability in SolarWinds Serv-U FTP server that allows attackers to access files outside the intended direc...

This vulnerability in the Videos sync PDF WordPress plugin allows attackers to read arbitrary files on the server through Local File Inclusion (LFI). ...

CVE-2022-24424 is a path traversal vulnerability in Dell EMC AppSync that allows remote unauthenticated attackers to read arbitrary files on the serve...

This vulnerability allows unauthenticated attackers to download arbitrary files from WordPress servers running the Simple File List plugin. Attackers ...

This vulnerability allows an attacker who has compromised a GoCD agent to upload malicious files to arbitrary directories on the GoCD server, though t...

CVE-2022-27279 is an arbitrary file read vulnerability in InHand Networks InRouter 900 Industrial 4G Router firmware. It allows attackers to read sens...

CVE-2021-30497 is an absolute path traversal vulnerability in Ivanti Avalanche (Premise) that allows unauthenticated remote attackers to read arbitrar...

CVE-2021-44138 is a directory traversal vulnerability in Caucho Resin web servers that allows attackers to read arbitrary files by using semicolons in...

CVE-2022-26233 is a directory traversal vulnerability in Barco Control Room Management Suite that allows attackers to access sensitive files and compo...

This vulnerability allows directory traversal attacks in the rc-httpd component of 9front (a Plan 9 fork) when serve-static is used. Attackers can acc...

This vulnerability allows attackers to perform path traversal attacks by uploading specially crafted tar archives to Joomla! installations. When extra...

This directory traversal vulnerability in Hiby Music Hiby OS allows attackers to access arbitrary files on the device's filesystem via the HTTP server...

CVE-2022-23347 is a directory traversal vulnerability in BigAnt Server that allows attackers to access files outside the intended directory. This affe...

CVE-2022-25249 is a directory traversal vulnerability in Axeda agent and Axeda Desktop Server for Windows that allows remote unauthenticated attackers...