CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (1,959)
yshopmall V1.0 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files, potentially leading to remote code exe...
Nov 15, 2024

This CVE describes a directory traversal vulnerability in DotNetZip v1.16.0 and earlier that allows remote attackers to write arbitrary files outside ...
Nov 13, 2024

The WordPress User Extra Fields plugin contains an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete any file on t...
Nov 13, 2024

This vulnerability in the WPLMS WordPress theme allows unauthenticated attackers to read and delete arbitrary files on the server due to insufficient ...
Nov 9, 2024

The WooCommerce Support Ticket System WordPress plugin has an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete an...
Nov 9, 2024

CVE-2024-39332 is a critical path traversal vulnerability in Webswing 23.2.2 that allows remote attackers to modify client-side JavaScript to access a...
Oct 31, 2024

CVE-2024-41717 is a path traversal vulnerability in Kieback & Peter's DDC4000 series building automation controllers that allows unauthenticated attac...
Oct 22, 2024

The WordPress File Upload plugin has a path traversal vulnerability in wfu_file_downloader.php that allows unauthenticated attackers to read or delete...
Oct 12, 2024

Mecha CMS 3.0.0 has a directory traversal vulnerability that allows attackers to bypass authentication checks via manipulated cookies and URIs. This e...
Oct 7, 2024

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function that allows attackers to uplo...
Sep 18, 2024

This vulnerability in the WP Job Portal WordPress plugin allows unauthenticated attackers to execute arbitrary PHP code on the server through local fi...
Sep 4, 2024

This vulnerability allows attackers to perform directory traversal attacks via specially crafted requests in EQ Enterprise Management System. Attacker...
Aug 28, 2024

CVE-2024-45256 is an unauthenticated arbitrary file write vulnerability in BYOB 2.0 that allows attackers to overwrite SQLite database files, leading ...
Aug 26, 2024

This vulnerability in openHAB's CometVisu add-on allows unauthenticated attackers to overwrite files via path traversal. If shell scripts are overwrit...
Aug 12, 2024

CVE-2024-28698 is a critical directory traversal vulnerability in CSLA .NET's MobileFormatter component that allows remote attackers to execute arbitr...
Jul 22, 2024

CVE-2024-6164 is a critical Local File Inclusion vulnerability in the Filter & Grids WordPress plugin that allows unauthenticated attackers to include...
Jul 18, 2024

This vulnerability in PHPVibe v11.0.46 allows attackers to bypass directory traversal protections through incomplete blacklist checks, enabling them t...
Jul 9, 2024

A path traversal vulnerability in PyTorch Lightning's /v1/runs API endpoint allows attackers to write arbitrary files anywhere on the local filesystem...
Jun 27, 2024

An unauthenticated remote code execution vulnerability in Progress WhatsUp Gold allows attackers to execute arbitrary commands with IIS application po...
Jun 25, 2024

This vulnerability in VPL Jail System allows attackers to perform directory traversal attacks by sending specially crafted requests to a public endpoi...
Jun 24, 2024

This vulnerability in Virto Bulk File Download for SharePoint allows attackers to download and delete arbitrary files on the server via path traversal...
Jun 24, 2024

This vulnerability allows attackers to upload malicious files to the root directory of Adminer/AdminerEvo installations using a directory traversal te...
Jun 21, 2024

This CVE describes a path traversal vulnerability (CWE-22) in ToshibaTec products that allows remote command execution when combined with other vulner...
Jun 14, 2024

This CVE describes a path traversal vulnerability (CWE-22) in Toshiba printers' admin web interface that allows file uploads to overwrite arbitrary fi...
Jun 14, 2024

This path traversal vulnerability in the lollms-webui's codeguard personality allows attackers to read and overwrite arbitrary files on the system by ...
Jun 6, 2024

This CVE describes a directory traversal vulnerability in CubeCart that allows attackers to upload malicious files to arbitrary locations on the serve...
Jun 6, 2024

CVE-2024-27776 is a critical path traversal vulnerability in MileSight DeviceHub that allows unauthenticated attackers to execute arbitrary code on af...
Jun 2, 2024

This path traversal vulnerability in Apache OFBiz allows attackers to access files outside the intended directory by manipulating file paths. It affec...
May 8, 2024

This is a critical directory traversal vulnerability in LG Simple Editor that allows unauthenticated remote attackers to write arbitrary files and exe...
May 3, 2024

A directory traversal vulnerability in TaoCMS v3.0.2 allows remote attackers to write arbitrary files via the include/model/file.php component. This c...
Apr 29, 2024

A directory traversal vulnerability in DerbyNet v9.0 allows remote attackers to execute arbitrary code via the 'page' parameter in kiosk.php. This aff...
Apr 12, 2024

This path traversal vulnerability in CData API Server's Java version allows unauthenticated remote attackers to bypass security controls and gain admi...
Apr 5, 2024

This critical vulnerability allows unauthenticated attackers to upload and execute arbitrary files on Veritas NetBackup systems by exploiting improper...
Mar 7, 2024

A privilege escalation vulnerability in Jeewms versions 3.7 and earlier allows remote attackers to bypass authentication controls via the AuthIntercep...
Mar 5, 2024

F-logic DataCube3 v1.0 has an improper directory access restriction vulnerability that allows unauthenticated remote attackers to access configuration...
Feb 29, 2024

This vulnerability allows attackers to perform path traversal attacks on Atos Unify OpenScape Xpressions WebAssistant V7 systems. Attackers can potent...
Feb 8, 2024

This CVE describes a critical directory traversal vulnerability in Stimulsoft Dashboard.JS that allows remote attackers to execute arbitrary code by s...
Feb 6, 2024

This vulnerability allows remote attackers to execute arbitrary code on Sharp NEC displays by sending specially crafted HTTP requests with unintended ...
Feb 5, 2024

CVE-2024-24482 is a path traversal vulnerability in Apktool on Windows that allows attackers to write files outside intended directories using '../' s...
Feb 2, 2024

CVE-2024-23827 is a critical path traversal vulnerability in Nginx-UI's Import Certificate feature that allows attackers to write arbitrary files to t...
Jan 29, 2024

This vulnerability in Jenkins allows unauthenticated attackers to read arbitrary files on the Jenkins controller file system by exploiting a CLI comma...
Jan 24, 2024

This vulnerability in the Essential Blocks WordPress plugin allows unauthenticated attackers to overwrite local variables when rendering templates via...
Jan 15, 2024

A path traversal vulnerability in go-git versions before v5.11 allows attackers to create and modify files anywhere on the filesystem when using Chroo...
Jan 12, 2024

This path traversal vulnerability allows attackers to access files outside the intended directory by manipulating file paths. It affects İzmir Katip ...
Dec 27, 2023

This vulnerability in the Hotel Booking Lite WordPress plugin allows unauthenticated attackers to download and delete arbitrary files on the server du...
Dec 26, 2023

A path traversal vulnerability in elijaa/phpmemcachedadmin version 1.3.0 allows attackers to delete arbitrary files on the server by manipulating user...
Nov 30, 2023

Arcserve UDP versions before 9.2 contain a path traversal vulnerability in the FileHandlingServlet that allows unauthenticated remote attackers to upl...
Nov 27, 2023

This vulnerability allows path traversal attacks in Node.js when using non-Buffer Uint8Array objects with fs module functions. Attackers can potential...
Oct 18, 2023

SeaCMS V12.9 contains an arbitrary file write vulnerability in admin_smtp.php that allows attackers to write malicious files to the server. This affec...
Sep 27, 2023

SeaCMS V12.9 contains an arbitrary file write vulnerability in admin_notify.php that allows attackers to write malicious files to the server. This aff...
Sep 27, 2023

About Path Traversal (CWE-22)
Our database tracks 1,959 CVEs classified as CWE-22, with 440 rated critical and 980 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.6.
External reference: CWE-22 on MITRE CWE