CWE-22: Path Traversal

A path traversal vulnerability in parisneo/lollms v12 allows attackers to delete arbitrary directories on the system by exploiting improper validation...

This vulnerability in YesWiki allows any authenticated user to delete arbitrary files owned by the PHP-FPM process user, potentially leading to data l...

This path traversal vulnerability in Intel Extension for Transformers allows authenticated local users to access files outside intended directories, p...

OpenRefine versions before 3.8.3 contain a path traversal vulnerability in the load-language command that allows attackers to read arbitrary JSON file...

CVE-2024-45178 is a path traversal vulnerability in za-internet C-MOR Video Surveillance 5.2401 that allows authenticated attackers to download arbitr...

This path traversal vulnerability in the MakeStories WordPress plugin allows attackers to read arbitrary files on the server and perform server-side r...

This CVE describes a path traversal vulnerability in the Booking Ultra Pro WordPress plugin that allows attackers to include arbitrary local PHP files...

ZKTeco ZKBio CVSecurity 6.1.1 has a directory traversal vulnerability in the BaseMediaFile component that allows authenticated users to delete arbitra...

This vulnerability allows attackers to read arbitrary files on the server through path traversal in the Ultimate Addons for WPBakery Page Builder Word...

This path traversal vulnerability in the Shortcodes Ultimate WordPress plugin allows attackers to download arbitrary files from the server by manipula...

CVE-2024-31552 is an arbitrary file download vulnerability in CuteHttpFileServer v3.1 that allows attackers to download any file from the server files...

This path traversal vulnerability in Ivanti Avalanche's web component allows authenticated remote attackers to delete specific files or cause denial o...

This CVE describes a path traversal vulnerability in macOS that allows malicious applications to overwrite arbitrary files on the system. It affects m...

A path traversal vulnerability in Blesta's upload directory allows attackers to access files outside intended boundaries. This can lead to account tak...

CVE-2024-1163 is a path traversal vulnerability in mapshaper that allows attackers to access files outside the intended directory, potentially exposin...

This vulnerability allows local attackers or those who bypass CORS restrictions to execute arbitrary code with the privileges of the Arduino Create Ag...

CVE-2023-25303 is a directory traversal vulnerability in ATLauncher that allows attackers to create arbitrary files outside the installation directory...

This vulnerability allows authenticated non-admin users to delete or overwrite arbitrary files on systems running vulnerable versions of Dell SupportA...

CVE-2021-26619 is a path traversal vulnerability in BigFileAgent that allows remote attackers to delete arbitrary files on affected systems. This can ...

This path traversal vulnerability in Bitdefender GravityZone's UpdateServer component allows attackers to escape restricted directories and execute ar...

This vulnerability allows remote unauthenticated attackers to perform path traversal attacks on Netgear RAX35, RAX38, and RAX40 routers, enabling acce...

Dell SupportAssist Client Consumer versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability. Attackers can exploit NTFS symbolic li...

A directory traversal vulnerability in Archive collectively operation utility allows attackers to create or overwrite files anywhere on the system by ...

This vulnerability in NETGEAR ProSAFE Network Management System allows authenticated attackers to bypass authentication and delete arbitrary files via...

This CVE describes an authenticated Local File Inclusion vulnerability in Pimcore's CustomReportController. An authenticated user can exploit unsaniti...

This path traversal vulnerability in GitLab's package upload functionality allows authenticated attackers to save packages to arbitrary locations on t...

This vulnerability in MariaDB's mariadb-dump utility allows remote attackers to execute arbitrary code via directory traversal in view names. Attacker...

This vulnerability allows attackers to perform path traversal attacks on HYPR Workforce Access for Windows by exploiting improper input validation. It...

This vulnerability in Azure Arc-enabled servers allows authenticated attackers to elevate privileges to SYSTEM/root level on affected machines. It aff...

This vulnerability allows local users on Windows systems to write arbitrary files via a relative path vulnerability in the Netskope client service, wh...

This directory traversal vulnerability in SAP S/4HANA Bank Communication Management allows authenticated attackers with high privileges to access sens...

This path traversal vulnerability in Adobe Commerce allows high-privileged attackers to bypass security restrictions and access files or directories o...

CVE-2025-14728 is a directory traversal vulnerability in Rapid7 Velociraptor on Linux servers that allows rogue clients to write files outside the des...

Grav CMS versions before 1.8.0-beta.27 contain a path traversal vulnerability in the backup tool that allows authenticated administrators to read arbi...

This CVE describes a path traversal vulnerability in Frappe web framework that allows attackers to retrieve arbitrary files from the server if the ful...

This path traversal vulnerability in Visual Studio Code CoPilot Chat Extension allows an authorized local attacker to access files outside the intende...

This CVE describes a Path Traversal vulnerability in SAP Business Connector that allows authenticated administrators with adjacent access to manipulat...

This vulnerability allows system administrators in Mattermost to perform path traversal attacks by manipulating template file destination paths. Attac...

This vulnerability allows restricted admin users in Mattermost to install unauthorized custom plugins via path traversal during plugin imports. It byp...

The Woffice Core WordPress plugin allows authenticated attackers with Contributor-level access or higher to delete arbitrary server files due to insuf...

This vulnerability allows system administrators in Mattermost to read arbitrary files on the server through path traversal in bulk import JSONL files....

A path traversal vulnerability in the DFS module allows attackers to access files outside the intended directory. This affects Huawei products using t...

This vulnerability in HPE Aruba ClearPass Policy Manager allows authenticated high-privilege attackers to access sensitive directories through the web...

Uptime Kuma has an improper URL handling vulnerability that allows authenticated attackers to read sensitive local files on the server. By exploiting ...

The BackWPup WordPress plugin up to version 4.0.1 contains a directory traversal vulnerability in the job-specific backup folder configuration. Authen...

The Photo Gallery by 10Web WordPress plugin has a path traversal vulnerability in the esc_dir function that allows authenticated attackers to copy arb...

OpenClaw versions 2026.1.12 through 2026.2.12 contain a path traversal vulnerability in browser download helpers that allows authenticated attackers t...

This path traversal vulnerability in Dell iDRAC9 and iDRAC10 allows authenticated high-privilege attackers to access restricted directories. Attackers...

A relative path traversal vulnerability in Samsung Knox Enterprise allows local attackers to execute arbitrary code by manipulating file paths. This a...

A path traversal vulnerability in ONLYOFFICE Document Server allows remote attackers to copy arbitrary files by manipulating the fileExt parameter in ...