CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,172)
This vulnerability allows remote attackers to execute arbitrary code on CS-Cart MultiVendor systems through directory traversal in zip file handling d... (Sep 25, 2024)
An authenticated path traversal vulnerability in ArubaOS allows attackers to install unsigned packages on the underlying operating system. This enable... (Sep 17, 2024)
This vulnerability allows authenticated users to exploit a path traversal flaw in the diagnostics data export API endpoint. Attackers can download arb... (Aug 2, 2024)
This CVE-2024-27178 vulnerability in ToshibaTec products allows attackers to achieve remote code execution by exploiting a path traversal weakness to ... (Jun 14, 2024)
This vulnerability allows attackers to achieve remote code execution by overwriting files through session ID manipulation. It primarily affects Toshib... (Jun 14, 2024)
This CVE describes a path traversal vulnerability in GeoServer that allows administrators with access to the admin console to misconfigure log file lo... (Mar 20, 2024)
This vulnerability in ESPHome's dashboard component allows authenticated attackers to read and write arbitrary files within the configuration director... (Feb 26, 2024)
This vulnerability in the Popup Builder WordPress plugin allows administrators in Multisite WordPress configurations to perform Server-Side Request Fo... (Feb 12, 2024)
This vulnerability in Meinberg LANTIME-Firmware's LTOS-Web-Interface allows authenticated admin users to bypass path validation controls, enabling una... (Feb 4, 2024)
Kyocera Device Manager before version 3.1.1213.0 contains a path traversal vulnerability that allows attackers to force the application to authenticat... (Jan 10, 2024)
This vulnerability allows authenticated remote attackers to execute arbitrary code as root on Softing edgeAggregator installations by exploiting a dir... (Dec 19, 2023)
This vulnerability in Collabora Online's Built-in CODE Server allows attackers to overwrite files outside the designated session directory by sending ... (Dec 8, 2023)
This vulnerability allows attackers to perform directory traversal in GibbonEdu's report template builder, enabling them to create arbitrary PHP files... (Nov 14, 2023)
This vulnerability allows authenticated attackers to write files to arbitrary locations on the filesystem via path traversal in WebDAV functionality. ... (Oct 16, 2023)
This vulnerability allows authenticated administrative users in VMware Aria Operations for Networks to write files to arbitrary locations, potentially... (Aug 29, 2023)
This vulnerability allows authenticated remote users to execute arbitrary commands as root on EdgeConnect SD-WAN Orchestrator systems through the web ... (Aug 22, 2023)
A directory traversal vulnerability in OPNsense's Captive Portal templates allows attackers to upload crafted ZIP archives that can execute arbitrary ... (Aug 9, 2023)
CVE-2023-36220 is a directory traversal vulnerability in Textpattern CMS v4.8.8 that allows authenticated remote attackers to upload malicious plugins... (Aug 7, 2023)
CVE-2023-23842 is a directory traversal vulnerability in SolarWinds Network Configuration Manager that allows authenticated administrative users to ex... (Jul 26, 2023)
This CVE describes a path traversal vulnerability in the Froxlor server management panel that allows attackers to access files outside the intended di... (Jun 9, 2023)
This CVE describes an authenticated path traversal vulnerability in ArubaOS command line interface that allows authenticated attackers to delete arbit... (Mar 1, 2023)
Authenticated users can exploit path traversal vulnerabilities in NetModule NSRW web administration interface to upload malicious files to the web roo... (Feb 16, 2023)
This CVE describes an authenticated directory traversal vulnerability in Lantronix PremierWave 2050's Web Manager FsMove functionality. An attacker wi... (Dec 22, 2021)
This vulnerability allows attackers to perform zip path traversal attacks through an unsafe unzipping pattern in Teamcenter Active Workspace. Successf... (Dec 14, 2021)
This vulnerability in the All-in-One Video Gallery WordPress plugin allows attackers to include arbitrary local files on the server through an unsanit... (Dec 13, 2021)
The Keybase Client for Windows contains a path traversal vulnerability that allows malicious users to upload specially named files to shared folders, ... (Nov 11, 2021)
This CVE describes a remote directory traversal vulnerability in Aruba ClearPass Policy Manager that allows attackers to access files outside the inte... (Oct 15, 2021)
This vulnerability allows authenticated remote attackers to execute arbitrary commands as root on Cisco IOS XE devices via the web UI. Attackers can i... (Mar 24, 2021)
This vulnerability in Racom's MIDGE Firmware allows authenticated attackers to perform directory traversal attacks, enabling arbitrary file access and... (Feb 16, 2021)
This vulnerability allows authenticated remote attackers to bypass authentication and create arbitrary files on SolarWinds Orion Platform installation... (Feb 10, 2021)
This directory traversal vulnerability in Cisco TelePresence video endpoint software allows authenticated attackers to read and write arbitrary files ... (Sep 23, 2020)
CVE-2020-14028 is a path traversal vulnerability in Ozeki NG SMS Gateway's Autoreply module that allows attackers to write or overwrite arbitrary file... (Sep 22, 2020)
CVE-2020-12827 is a path traversal vulnerability in MJML email framework versions prior to 4.6.3. Attackers can exploit the mj-include directive to re... (Jun 17, 2020)
CVE-2019-15981 allows authenticated attackers with administrative privileges to perform directory traversal attacks through REST/SOAP API endpoints in... (Jan 6, 2020)
OpenClaw versions before 2026.2.12 have a path traversal vulnerability where authenticated attackers can use unsanitized sessionId or sessionFile para... (Mar 5, 2026)
CVE-2026-26960 is a path traversal vulnerability in node-tar that allows attackers to create hardlinks pointing outside the extraction directory when ... (Feb 20, 2026)
A path traversal vulnerability in Pydantic AI's web UI allows attackers to serve malicious JavaScript by crafting URLs with unvalidated version parame... (Feb 6, 2026)
CVE-2026-24049 is a path traversal vulnerability in Python's wheel tool (versions 0.40.0-0.46.1) that allows attackers to modify file permissions of c... (Jan 22, 2026)
This CVE describes a symlink-based path traversal vulnerability in Backstage's Scaffolder component. Attackers with template creation/execution privil... (Jan 21, 2026)
Docmost versions 0.21.0 through 0.23.x contain a ZipSlip vulnerability in the zip import feature that allows attackers to write arbitrary files to any... (Jan 15, 2026)
CVE-2025-13661 is a path traversal vulnerability in Ivanti Endpoint Manager that allows authenticated remote attackers to write arbitrary files outsid... (Dec 9, 2025)
SoftSea EPUB File Reader 1.0.0.0 contains a directory traversal vulnerability in its EPUB file processing component. Attackers can craft malicious EPU... (Dec 1, 2025)
This path traversal vulnerability in ABB CoreSense HM and M10 devices allows attackers to access files outside the intended directory. It affects Core... (Oct 20, 2025)
CVE-2025-56815 is a directory traversal vulnerability in Datart 1.0.0-rc.3 that allows attackers to write arbitrary files to any location on the serve... (Sep 24, 2025)
This path traversal vulnerability in Samsung DMS allows authenticated attackers to write arbitrary files to unintended filesystem locations. Attackers... (Jul 29, 2025)
A directory traversal vulnerability in beiyuouo arxiv-daily allows attackers to read arbitrary files on the server by manipulating the topic.yml file ... (Jul 15, 2025)
A path traversal vulnerability in parisneo/lollms v12 allows attackers to delete arbitrary directories on the system by exploiting improper validation... (Mar 20, 2025)
This vulnerability in YesWiki allows any authenticated user to delete arbitrary files owned by the PHP-FPM process user, potentially leading to data l... (Jan 21, 2025)
This path traversal vulnerability in Intel Extension for Transformers allows authenticated local users to access files outside intended directories, p... (Nov 13, 2024)
OpenRefine versions before 3.8.3 contain a path traversal vulnerability in the load-language command that allows attackers to read arbitrary JSON file... (Oct 24, 2024)
About Path Traversal (CWE-22)
Our database tracks 2,172 CVEs classified as CWE-22, with 517 rated critical and 1,109 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.
External reference: CWE-22 on MITRE CWE