CWE-22: Path Traversal

A path traversal vulnerability in Samsung Notes allows local attackers to execute arbitrary code by manipulating file paths. This affects Samsung Note...

This critical vulnerability in ZZCMS 2023 allows remote attackers to perform path traversal attacks via the skin[] parameter in /admin/class.php?dowha...

This CVE describes a path traversal vulnerability (CWE-22) in Schneider Electric software that allows authenticated users to execute malicious code by...

This CVE describes a vulnerability in Git that allows attackers to bypass security protections when cloning repositories from untrusted sources. Speci...

This vulnerability in Zscaler Client Connector (ZSATray) allows path traversal attacks by improperly validating the 'previousInstallerName' parameter....

This path traversal vulnerability in Intel oneAPI Toolkits allows authenticated users with local access to potentially escalate privileges by manipula...

SharpZipLib versions before 1.3.3 contain a path traversal vulnerability in TAR file extraction. Attackers can craft malicious TAR archives with '../'...

CVE-2021-41127 is a path traversal vulnerability in Rasa's model loading functionality that allows attackers to overwrite or replace bot files by craf...

CVE-2021-23391 is a path traversal vulnerability in the Calipso package that allows malicious modules to overwrite arbitrary files during installation...

A local privilege escalation vulnerability in Cisco Webex Meetings Desktop App for Windows allows attackers to execute arbitrary code when deployed in...

CVE-2026-30958 is an unauthenticated path traversal vulnerability in OneUptime's workflow documentation endpoint that allows attackers to read arbitra...

The Meta Box WordPress plugin has an arbitrary file deletion vulnerability that allows authenticated attackers with Contributor-level access or higher...

This vulnerability in Vikunja allows attackers to overwrite arbitrary files on the host system by uploading a malicious ZIP archive during configurati...

CVE-2026-25951 is a path traversal vulnerability in FUXA web-based SCADA/HMI software that allows authenticated administrators to bypass directory pro...

Quick.Cart e-commerce software contains a Local File Inclusion and Path Traversal vulnerability in its theme selection mechanism. This allows authenti...

CVE-2022-50939 is a critical file upload vulnerability in e107 CMS version 3.2.1 that allows authenticated administrators to overwrite arbitrary serve...

This vulnerability allows high-privileged attackers to execute arbitrary operating system commands on WaveStore Server through path traversal in the s...

This vulnerability allows attackers with database write access to craft malicious entry names containing absolute paths or directory traversal sequenc...

This vulnerability in Synology's portenable CGI allows authenticated remote users to query the status of installed packages. This information disclosu...

The Modula Image Gallery WordPress plugin versions 2.13.1 to 2.13.2 contain an arbitrary file deletion vulnerability due to insufficient file path val...

A path traversal vulnerability in WXR9300BE6P series firmware allows authenticated administrative users to alter arbitrary files, potentially leading ...

This vulnerability allows authenticated WordPress administrators to delete arbitrary files on the server due to insufficient path validation in the Ha...

This path traversal vulnerability allows authenticated administrators to upload malicious files that can be executed remotely, leading to remote code ...

A path traversal vulnerability in PowerCMS backup/restore feature allows product administrators to execute arbitrary code by restoring malicious backu...

This path traversal vulnerability in Samsung MagicINFO 9 Server allows attackers to escape restricted directories and inject malicious code. It affect...

This path traversal vulnerability in Zyxel NWA50AX PRO access points allows authenticated administrators to delete critical files like configuration f...

An authenticated local file inclusion vulnerability in Microweber CMS allows authenticated users to read arbitrary files from the filesystem. Attacker...

This vulnerability allows authenticated administrators in Mitel OpenScape Accounting Management to conduct path traversal attacks due to insufficient ...

This path traversal vulnerability allows authenticated users on a web server to write arbitrary files by manipulating file paths. It affects Schneider...

This vulnerability in MyBB forum software allows attackers to perform local file inclusion (LFI) through improper input validation in the upgrade comp...

The Newsletters plugin for WordPress contains a Local File Inclusion vulnerability that allows authenticated attackers with Administrator privileges t...

This vulnerability allows authenticated WordPress administrators to perform Local File Inclusion attacks via the File Manager Advanced Shortcode plugi...

The WPMasterToolKit WordPress plugin contains a directory traversal vulnerability that allows authenticated attackers with Administrator privileges to...

The WP Editor WordPress plugin allows authenticated attackers with Administrator privileges to overwrite arbitrary files on the server due to missing ...

This vulnerability allows authenticated users of Kentico Xperience's Staging Sync Server to upload arbitrary files to path-relative locations via path...

CVE-2024-7034 allows attackers to write arbitrary files on systems running vulnerable open-webui versions by exploiting directory traversal in file up...

This vulnerability in Siemens SCALANCE LPE9403 industrial routers allows authenticated high-privilege attackers to read and write arbitrary files via ...

This path traversal vulnerability in Ixia/IxNetwork products allows device administrators to upload malicious files to arbitrary locations, potentiall...

This vulnerability allows authenticated WordPress administrators to delete arbitrary files on the server due to insufficient path validation in the Da...

This vulnerability allows remote authenticated attackers with admin privileges to execute arbitrary code on Ivanti EPM systems by exploiting an unboun...

This path traversal vulnerability in Fortinet FortiManager and FortiAnalyzer allows attackers to execute arbitrary code or commands via specially craf...

This vulnerability allows attackers to perform path traversal attacks in the Checkout Mestres WP WordPress plugin, potentially leading to local file i...

Infinera TNMS 19.10.3 has an insecure default SFTP server configuration that allows attackers to traverse outside the designated user home directory. ...

This vulnerability allows remote attackers to execute arbitrary code on CS-Cart MultiVendor systems through directory traversal in zip file handling d...

An authenticated path traversal vulnerability in ArubaOS allows attackers to install unsigned packages on the underlying operating system. This enable...

This vulnerability allows authenticated users to exploit a path traversal flaw in the diagnostics data export API endpoint. Attackers can download arb...

This CVE-2024-27178 vulnerability in ToshibaTec products allows attackers to achieve remote code execution by exploiting a path traversal weakness to ...

This vulnerability allows attackers to achieve remote code execution by overwriting files through session ID manipulation. It primarily affects Toshib...

This CVE describes a path traversal vulnerability in GeoServer that allows administrators with access to the admin console to misconfigure log file lo...

This vulnerability in ESPHome's dashboard component allows authenticated attackers to read and write arbitrary files within the configuration director...