CWE-22: Path Traversal

This CVE describes a path traversal vulnerability in Micronaut framework versions prior to 2.5.9. Attackers can access arbitrary files on the filesyst...

CVE-2021-33807 is a directory traversal vulnerability in Cartadis Gespage up to version 8.2.1, allowing attackers to access arbitrary files on the ser...

This CVE describes a path traversal vulnerability in QSAN Storage Manager that allows remote unauthenticated attackers to download arbitrary files by ...

CVE-2021-32516 is a path traversal vulnerability in QSAN Storage Manager's share_link function that allows remote attackers to download arbitrary file...

This path traversal vulnerability in Dovecot allows attackers with local filesystem access to bypass OAuth2 authentication by tricking the system into...

This path traversal vulnerability in Synology DiskStation Manager's webapi component allows remote attackers to write arbitrary files to restricted di...

CVE-2021-31538 is a path traversal vulnerability in LANCOM R&S Unified Firewall devices that allows attackers to access files outside the intended dir...

This directory traversal vulnerability in Kyocera d-COPIA253MF plus printers allows attackers to access arbitrary files on the server filesystem. Atta...

This vulnerability allows remote attackers to perform directory traversal attacks on Invigo Automatic Device Management (ADM) systems. By exploiting t...

This vulnerability allows remote attackers to perform directory traversal via the /admin/search_by.php script in Invigo Automatic Device Management (A...

This directory traversal vulnerability in Apache Ambari allows malicious users to construct file names that escape intended directories, enabling unau...

This vulnerability allows directory traversal attacks in AfterLogic Aurora and WebMail Pro, enabling attackers to read sensitive files like settings.x...

This CVE describes a path traversal vulnerability in the Metasys Reporting Engine (MRE) Web Services that allows remote unauthenticated attackers to a...

CVE-2021-20354 is a directory traversal vulnerability in IBM WebSphere Application Server that allows remote attackers to read arbitrary files on the ...

CVE-2021-22857 is a directory traversal vulnerability in the CGE page download function that allows attackers to download arbitrary system files. This...

CVE-2021-22656 is a directory traversal vulnerability in Advantech iView that allows attackers to read sensitive files outside the intended directory....

This directory traversal vulnerability in yccms 3.3 allows attackers to delete arbitrary files on the server by manipulating request parameters in del...

A path traversal vulnerability in DH2i's DxWebEngine component allows attackers to read arbitrary files on the host system via crafted HTTP requests. ...

CVE-2020-27859 is an unauthenticated path traversal vulnerability in NEC ESMPRO Manager that allows remote attackers to read arbitrary files on the sy...

CVE-2020-19360 is a local file inclusion vulnerability in FHEM 6.0 that allows attackers to read arbitrary files on the server through the fhem/FileLo...

This vulnerability in Archive_Tar allows attackers to write files outside the intended extraction directory via directory traversal in symbolic link h...

CVE-2020-13449 is a directory traversal vulnerability in Gotenberg's Markdown engine that allows attackers to read arbitrary files from the container ...

This directory traversal vulnerability in MiniCMS V1.10 allows remote attackers to read arbitrary files on the server by manipulating the state parame...

CVE-2020-35736 is an unauthenticated directory traversal vulnerability in GateOne web-based terminal emulator that allows attackers to download arbitr...

CVE-2020-35284 is a path traversal vulnerability in FlamingoIM that allows attackers to read arbitrary files on the server. This occurs because file-t...

This directory traversal vulnerability in ACS Advanced Comment System 1.0 allows attackers to read arbitrary files on the server by manipulating the A...

This vulnerability in Trend Micro InterScan Web Security Virtual Appliance allows attackers to bypass authorization checks for anonymous users by mani...

CVE-2020-5683 is a directory traversal vulnerability in GROWI wiki software that allows remote attackers to upload specially crafted files to arbitrar...

This path traversal vulnerability in Schneider Electric Modicon PLC web servers allows attackers to access restricted files by sending specially craft...

This vulnerability in HashiCorp go-slug allows attackers to bypass directory traversal protections when unpacking tar archives using specially crafted...

CVE-2020-28993 is a directory traversal vulnerability in ATX miniCMTS200a Broadband Gateway and Pico CMTS devices that allows unauthenticated attacker...

CVE-2020-28574 is an unauthenticated path traversal vulnerability in Trend Micro Worry-Free Business Security 10 SP1 that allows remote attackers to d...

This vulnerability allows unauthenticated attackers with network access to download any files from the /etc directory on BASETech IP cameras. It affec...

CVE-2020-7763 is a path traversal vulnerability in phantom-html-to-pdf that allows attackers to read arbitrary files on the server. This affects appli...

CVE-2020-7758 is a path traversal vulnerability in browserless-chrome that allows attackers to read arbitrary files on the server. This affects all us...

CVE-2020-9368 is a directory traversal vulnerability in the Olea Gift On Order module for PrestaShop that allows unauthenticated attackers to read arb...

CVE-2020-24990 is a directory traversal vulnerability in QSC Q-SYS Core Manager that allows remote attackers to read sensitive operating system files ...

CVE-2020-14864 is a local file inclusion vulnerability in Oracle Business Intelligence Enterprise Edition that allows unauthenticated attackers to rea...

This path traversal vulnerability in IBM Curam Social Program Management allows remote attackers to access arbitrary files on the server by manipulati...

CVE-2020-24219 is an unauthenticated path traversal vulnerability in URayTech/HiSilicon video encoders that allows attackers to read any file from the...

This CVE describes a directory traversal vulnerability in Erlang/OTP's inets httpd application. An attacker can send specially crafted HTTP requests t...

This vulnerability allows unauthenticated attackers to perform directory traversal attacks via the DownloadServlet class in HPE Pay Per Use Utility Co...

This CVE describes a directory traversal vulnerability in Hyland OnBase that allows attackers to write files to arbitrary locations on the server. Att...

This vulnerability in pip allows directory traversal attacks when installing packages from URLs. Attackers can overwrite arbitrary files on the system...

CVE-2020-25068 is a local file inclusion vulnerability in Setelsa Conacwin access control software that allows remote unauthenticated attackers to rea...

This vulnerability in the u-root uzip package allows attackers to perform path traversal attacks during zip file extraction, potentially writing files...

CVE-2020-7669 is a path traversal vulnerability in the tarutil package of u-root that allows attackers to write files outside the intended extraction ...

CVE-2020-15641 is a path traversal vulnerability in Marvell QConvergeConsole that allows unauthenticated remote attackers to read arbitrary files on t...

CVE-2020-24368 is a directory traversal vulnerability in Icinga Web2 that allows attackers to read arbitrary files accessible by the Icinga Web2 proce...

CVE-2020-8209 is an improper access control vulnerability in Citrix XenMobile Server that allows attackers to read arbitrary files on the system. This...