CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,192)
This path traversal vulnerability in Fortinet FortiVoice allows privileged attackers to delete arbitrary files from the underlying filesystem via craf...
Jan 13, 2026

A path traversal vulnerability in Zen MCP Server allows authenticated attackers to read arbitrary files on the system by bypassing directory blacklist...
Jan 12, 2026

This path traversal vulnerability in Broadcom DX NetOps Spectrum allows attackers to access files outside the intended directory by manipulating file ...
Jan 12, 2026

This CVE describes a potential directory traversal vulnerability in CouchCMS 2.4 that could allow authenticated admin users to read arbitrary files on...
Jan 9, 2026

Vivotek IP7137 cameras with firmware version 0200a are vulnerable to path traversal attacks, allowing authenticated attackers to access files outside ...
Jan 9, 2026

This vulnerability allows authenticated REDAXO users with backup permissions to read arbitrary files within the webroot via path traversal in the Back...
Jan 7, 2026

The Flashcard WordPress plugin contains a path traversal vulnerability that allows authenticated attackers with contributor-level access or higher to ...
Jan 7, 2026

This path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files on the server by manipulating the 'edit-file' pa...
Dec 26, 2025

This path traversal vulnerability in the AmentoTech Tuturn WordPress plugin allows attackers to download arbitrary files from the server by manipulati...
Dec 18, 2025

This path traversal vulnerability in the MapSVG WordPress plugin allows attackers to download arbitrary files from the server by manipulating file pat...
Dec 18, 2025

CVE-2023-53907 is an authenticated file download vulnerability in Bludit's Backup Plugin that allows logged-in users to read arbitrary files through d...
Dec 17, 2025

This vulnerability allows high-privileged attackers to perform path traversal attacks through the alog script in WaveView client, enabling file read/d...
Dec 16, 2025

The Simple CSV Table WordPress plugin has a directory traversal vulnerability that allows authenticated attackers with Contributor-level access or hig...
Dec 12, 2025

This vulnerability allows authenticated WordPress users with Author-level permissions or higher to perform directory traversal attacks via the modula_...
Dec 12, 2025

The WP Job Portal WordPress plugin contains an arbitrary file read vulnerability in all versions up to 2.4.0. Authenticated attackers with Subscriber-...
Dec 11, 2025

Pyrofork versions 2.3.68 and earlier are vulnerable to path traversal attacks when downloading media files from Telegram messages. Attackers can send ...
Dec 11, 2025

CVE-2025-65814 is a directory traversal vulnerability in RHOPHI Analytics LLP Office App-Edit Word v6.4.1 that allows attackers to access files outsid...
Dec 10, 2025

CVE-2025-65815 is a directory traversal vulnerability in AB TECHNOLOGY Document Reader that allows attackers to access files outside the intended dire...
Dec 10, 2025

STVS ProVision 5.9.10 contains an authenticated path traversal vulnerability in its archive download functionality. Authenticated attackers can manipu...
Dec 9, 2025

CVE-2025-65345 is a directory traversal vulnerability in alexusmai/laravel-file-manager versions 3.3.1 and below. It allows attackers to create archiv...
Dec 3, 2025

The Data Tables Generator by Supsystic WordPress plugin contains a path traversal vulnerability in its cleanCache() function that allows authenticated...
Nov 13, 2025

A path traversal vulnerability in OneDrive for Android allows authenticated attackers to access files outside the intended directory via network reque...
Nov 11, 2025

The CYAN Backup WordPress plugin has an arbitrary file deletion vulnerability in versions up to 2.5.4. Authenticated attackers with Administrator priv...
Nov 8, 2025

The WPFunnels WordPress plugin contains an arbitrary file deletion vulnerability that allows authenticated attackers with Administrator privileges to ...
Nov 8, 2025

This vulnerability in KubeVirt allows a malicious user with control over a PersistentVolumeClaim (PVC) to read arbitrary files from the virt-launcher ...
Nov 7, 2025

A path traversal vulnerability in Qsync Central allows authenticated attackers to read arbitrary files on the system. This affects all Qsync Central i...
Nov 7, 2025

This vulnerability allows authenticated network administrators in Advantech WebAccess/VPN to read arbitrary files accessible to the web user (www-data...
Nov 6, 2025

This path traversal vulnerability in TESI Gandia Integra Total version 4.4.2236.1 allows authenticated attackers to download ZIP files containing sens...
Oct 23, 2025

This vulnerability allows remote attackers to brute-force directory and file paths to access sensitive information like private keys and configuration...
Oct 6, 2025

This vulnerability allows attackers to brute-force directory and file paths, potentially exposing sensitive information stored in accessible locations...
Oct 6, 2025

This path traversal vulnerability in Canonical LXD 5.0 LTS allows authenticated remote attackers to read arbitrary files on the host system by manipul...
Oct 2, 2025

This vulnerability in GTONE ChangeFlow allows attackers to traverse directory paths and download arbitrary files without integrity checks. It affects ...
Oct 2, 2025

The All in One Music Player WordPress plugin contains a path traversal vulnerability that allows authenticated attackers with Contributor-level access...
Sep 30, 2025

The Backuply WordPress plugin has a vulnerability allowing authenticated attackers with Administrator privileges to delete arbitrary files on the serv...
Sep 26, 2025

This vulnerability allows authenticated attackers with Subscriber-level access or higher to perform path traversal attacks via the file_download() fun...
Sep 17, 2025

CVE-2025-58162 is an arbitrary file write vulnerability in MobSF version 4.4.0. Authenticated users can upload specially crafted files to write arbitr...
Sep 2, 2025

A path traversal vulnerability in Qsync Central allows authenticated remote attackers to read arbitrary files on the system. This affects all QNAP use...
Aug 29, 2025

A path traversal vulnerability in Qsync Central allows authenticated remote attackers to read arbitrary files on the system. This affects all Qsync Ce...
Aug 29, 2025

A path traversal vulnerability in QNAP operating systems allows authenticated attackers to read arbitrary files. This affects QTS and QuTS hero users ...
Aug 29, 2025

A path traversal vulnerability in SS1 Ver.16.0.0.10 and earlier allows remote authenticated attackers to overwrite legitimate files by manipulating fi...
Aug 28, 2025

This vulnerability allows authenticated administrators to exploit path traversal via crafted backup files in Cisco Nexus Dashboard, potentially gainin...
Aug 27, 2025

The Custom Query Shortcode WordPress plugin contains a path traversal vulnerability that allows authenticated attackers with Contributor-level access ...
Aug 25, 2025

This path traversal vulnerability in Infility Global WordPress plugin allows attackers to access files outside the intended directory. It affects all ...
Aug 20, 2025

This CVE describes a directory traversal vulnerability in elFinder versions 2.1.64 and prior when used in WordPress plugins. Unauthenticated attackers...
Aug 13, 2025

This path traversal vulnerability in MiR robot software allows authenticated users to access arbitrary files on the robot's file system through specia...
Aug 8, 2025

This directory traversal vulnerability in 4C Strategies Exonaut allows attackers to access files outside the intended directory structure. Organizatio...
Aug 7, 2025

This vulnerability in kotaemon allows attackers to perform directory traversal attacks by submitting malicious file paths containing sequences like '....
Jul 2, 2025

A path traversal vulnerability in QNAP File Station 5 allows authenticated attackers to read arbitrary files on the system. This affects all QNAP NAS ...
Jun 6, 2025

This vulnerability in IBM Planning Analytics Local allows privileged users to delete files from directories they shouldn't have access to due to impro...
Jun 1, 2025

This vulnerability in Cisco Catalyst SD-WAN Manager allows authenticated remote attackers to write arbitrary files via API requests due to improper in...
May 7, 2025

About Path Traversal (CWE-22)
Our database tracks 2,192 CVEs classified as CWE-22, with 525 rated critical and 1,121 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.
External reference: View CWE-22 on MITRE CWE →