CWE-22: Path Traversal

The BackWPup WordPress plugin up to version 4.0.1 contains a directory traversal vulnerability in the job-specific backup folder configuration. Authen...

The Photo Gallery by 10Web WordPress plugin has a path traversal vulnerability in the esc_dir function that allows authenticated attackers to copy arb...

OpenClaw versions 2026.1.12 through 2026.2.12 contain a path traversal vulnerability in browser download helpers that allows authenticated attackers t...

This path traversal vulnerability in Dell iDRAC9 and iDRAC10 allows authenticated high-privilege attackers to access restricted directories. Attackers...

A relative path traversal vulnerability in Samsung Knox Enterprise allows local attackers to execute arbitrary code by manipulating file paths. This a...

A path traversal vulnerability in ONLYOFFICE Document Server allows remote attackers to copy arbitrary files by manipulating the fileExt parameter in ...

Dell Inventory Collector versions before 12.3.0.6 contain a path traversal vulnerability that allows local authenticated users to write files to arbit...

A path traversal vulnerability in Linksys MR9600 and MX4200 routers allows attackers to mount USB drive partitions to arbitrary file system locations....

The CSV to SortTable WordPress plugin through version 4.2 contains a Local File Inclusion (LFI) vulnerability that allows authenticated users (includi...

This vulnerability in the Developer Loggers for Simple History WordPress plugin allows authenticated attackers with Administrator-level access to perf...

CVE-2025-0694 is a path traversal vulnerability in CODESYS Control that allows attackers with physical access and low privileges to bypass file system...

A path traversal vulnerability in CRI-O's log management functions (UnMountPodLogs and LinkContainerLogs) allows attackers with Pod creation/deletion ...

This CVE describes a path traversal vulnerability in the Cities Shipping Zones for WooCommerce WordPress plugin that allows attackers to include local...

Appium's ZIP extraction function contains a path traversal vulnerability where malicious ZIP files can write files outside the intended destination di...

This vulnerability in IBM webMethods API Gateway and API Management allows attackers to read arbitrary files on the server by manipulating the URL par...

This vulnerability allows authenticated users in Traccar GPS tracking systems to write files outside the intended media directory by setting a device'...

This path traversal vulnerability in Simple File List WordPress plugin allows attackers to download arbitrary files from the server by manipulating fi...

This path traversal vulnerability in the Open User Map WordPress plugin allows attackers to download arbitrary files from the server by manipulating f...

This vulnerability allows authenticated attackers to read arbitrary files on the system by manipulating a filepath parameter to access internal system...

OpenClaw personal AI assistant versions before 2026.2.14 allow authenticated attackers to read arbitrary files from the Gateway host via path traversa...

The WP-DownloadManager plugin for WordPress has a path traversal vulnerability that allows authenticated administrators to delete arbitrary files on t...

Dell Avamar backup software versions before 19.12 with patch 338905 contain a path traversal vulnerability that allows authenticated high-privilege at...

The Element Pack Addons for Elementor WordPress plugin contains an arbitrary file read vulnerability in its SVG widget. Authenticated attackers with c...

A path traversal vulnerability in QNAP File Station 5 allows authenticated attackers to read arbitrary files on the system. This affects QNAP NAS devi...

A path traversal vulnerability in Qsync Central allows authenticated attackers to read arbitrary files on the system. This affects all Qsync Central i...

CVE-2026-25760 is an authenticated path traversal vulnerability in Sliver's website content subsystem that allows authenticated operators to read arbi...

This vulnerability in Gogs allows attackers to read or write arbitrary files on the server through path traversal in Git hook editing functionality. A...

OpenClaw versions before 2026.1.30 contain a path traversal vulnerability in the isValidMedia() function that allows reading arbitrary files on the sy...

CVE-2026-24053 is a path traversal vulnerability in Claude Code that allows attackers to bypass directory restrictions and write files outside the cur...

Webile 1.0.1 contains an unauthenticated directory traversal vulnerability that allows attackers to manipulate file paths and access sensitive system ...

Free Photo & Video Vault 0.0.2 contains a directory traversal vulnerability that allows remote attackers to manipulate web requests and access sensiti...

This vulnerability allows authenticated Umbraco backoffice users to perform path traversal attacks, enabling them to enumerate and read arbitrary file...

A directory traversal vulnerability in 66biolinks v44.0.0 allows attackers to write files outside intended directories when uploading ZIP archives. Th...

This path traversal vulnerability in SeaTheme BM Content Builder WordPress plugin allows attackers to download arbitrary files from the server by mani...

This path traversal vulnerability in TMS Management Console allows authenticated users to read arbitrary files on the server by manipulating the fileP...

Chainlit versions before 2.9.4 contain an arbitrary file read vulnerability where authenticated clients can manipulate element paths to copy server fi...

This CVE describes a path traversal vulnerability in SiYuan's file copy endpoint that allows authenticated users to copy arbitrary files from the serv...

This vulnerability allows authenticated attackers with Contributor-level WordPress access to read arbitrary files on the server through the Gutenberg ...

A path traversal vulnerability in TOA Corporation TRIFORA 3 series network cameras allows authenticated users with monitoring privileges or higher to ...

The Gotham Block Extra Light WordPress plugin contains an arbitrary file read vulnerability in all versions up to 1.5.0. Authenticated attackers with ...

This path traversal vulnerability in Fortinet FortiVoice allows privileged attackers to delete arbitrary files from the underlying filesystem via craf...

A path traversal vulnerability in Zen MCP Server allows authenticated attackers to read arbitrary files on the system by bypassing directory blacklist...

This path traversal vulnerability in Broadcom DX NetOps Spectrum allows attackers to access files outside the intended directory by manipulating file ...

This CVE describes a potential directory traversal vulnerability in CouchCMS 2.4 that could allow authenticated admin users to read arbitrary files on...

Vivotek IP7137 cameras with firmware version 0200a are vulnerable to path traversal attacks, allowing authenticated attackers to access files outside ...

This vulnerability allows authenticated REDAXO users with backup permissions to read arbitrary files within the webroot via path traversal in the Back...

The Flashcard WordPress plugin contains a path traversal vulnerability that allows authenticated attackers with contributor-level access or higher to ...

This path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files on the server by manipulating the 'edit-file' pa...

This path traversal vulnerability in the AmentoTech Tuturn WordPress plugin allows attackers to download arbitrary files from the server by manipulati...

This path traversal vulnerability in the MapSVG WordPress plugin allows attackers to download arbitrary files from the server by manipulating file pat...