CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,197)
This directory traversal vulnerability in 4C Strategies Exonaut allows attackers to access files outside the intended directory structure. Organizatio...
Aug 7, 2025
This vulnerability in kotaemon allows attackers to perform directory traversal attacks by submitting malicious file paths containing sequences like '....
Jul 2, 2025
A path traversal vulnerability in QNAP File Station 5 allows authenticated attackers to read arbitrary files on the system. This affects all QNAP NAS ...
Jun 6, 2025
This vulnerability in IBM Planning Analytics Local allows privileged users to delete files from directories they shouldn't have access to due to impro...
Jun 1, 2025
This vulnerability in Cisco Catalyst SD-WAN Manager allows authenticated remote attackers to write arbitrary files via API requests due to improper in...
May 7, 2025
This vulnerability allows attackers to perform directory traversal attacks via crafted POST requests in Entrust Corp Printer Manager. Attackers can po...
Apr 25, 2025
This path traversal vulnerability in the Total Processing Card Payments for WooCommerce WordPress plugin allows attackers to download arbitrary files ...
Apr 10, 2025
The Streamit WordPress theme contains a vulnerability that allows authenticated attackers with subscriber-level access or higher to download arbitrary...
Apr 8, 2025
This path traversal vulnerability in the Publitio WordPress plugin allows attackers to read arbitrary files on the server by manipulating file paths. ...
Apr 3, 2025
This path traversal vulnerability in the WordPress Include URL plugin allows attackers to download arbitrary files from the server by manipulating URL...
Apr 1, 2025
Xorcom CompletePBX versions through 5.2.35 contain an authenticated path traversal vulnerability in the Backup and Restore functionality. This allows ...
Mar 31, 2025
A path traversal vulnerability in the HGW-BL1500HM gateway's USB file-sharing function allows attackers to access or modify files outside intended dir...
Mar 28, 2025
The Jobs for WordPress plugin contains a directory traversal vulnerability that allows authenticated users with Subscriber-level access or higher to r...
Mar 26, 2025
This vulnerability allows unauthenticated attackers to read arbitrary files on servers running vulnerable versions of gaizhenbiao/chuanhuchatgpt. The ...
Mar 20, 2025
SOPlanning 1.53.00 has a directory traversal vulnerability in the upload.php file that allows authenticated attackers to delete arbitrary files by man...
Mar 18, 2025
CVE-2025-27410 is a path traversal vulnerability in PwnDoc's backup restore functionality that allows authenticated administrators to overwrite arbitr...
Feb 28, 2025
This directory traversal vulnerability in IBM Cognos Analytics allows remote attackers to read arbitrary files on the server by sending specially craf...
Feb 28, 2025
This vulnerability allows authenticated attackers to perform directory traversal attacks on IBM EntireX 11.1 systems. By sending specially crafted URL...
Feb 27, 2025
MasterSAM Star Gate 11 has a directory traversal vulnerability in the /adama/adama/downloadService endpoint. Attackers can manipulate the file paramet...
Feb 20, 2025
A directory traversal vulnerability in dhtmlxFileExplorer v8.4.6 allows remote attackers to access sensitive files outside the intended directory via ...
Feb 7, 2025
This vulnerability in the BoldGrid Post and Page Builder WordPress plugin allows authenticated attackers with Contributor-level access or higher to pe...
Feb 6, 2025
The Jupiter X Core WordPress plugin contains a directory traversal vulnerability in its inline SVG feature. Authenticated attackers with Contributor-l...
Feb 1, 2025
This vulnerability allows authenticated WordPress administrators to delete arbitrary directories on the server due to insufficient path validation in ...
Jan 25, 2025
IBM InfoSphere Information Server 11.7 contains a directory traversal vulnerability that allows remote attackers to read arbitrary files on the system...
Jan 17, 2025
A path traversal vulnerability in rsync's --safe-links option allows attackers to write files outside intended directories when the client fails to pr...
Jan 14, 2025
Pat Infinite Solutions HelpdeskAdvanced versions up to 11.0.33 contain a directory traversal vulnerability in the WSConnector SOAP service. Authentica...
Jan 13, 2025
This vulnerability allows authenticated users of WhatsUp Gold to craft HTTP requests that can disclose sensitive information. It affects all WhatsUp G...
Dec 31, 2024
This vulnerability in pghoard allows attackers to perform path traversal attacks, potentially gaining disk access with the same privileges as the pgho...
Dec 17, 2024
This path traversal vulnerability in DELUCKS SEO WordPress plugin allows attackers to download arbitrary files from the server by manipulating file pa...
Dec 13, 2024
This vulnerability allows authenticated remote attackers to read arbitrary files on Allegra installations via directory traversal in the getFileConten...
Nov 22, 2024
This directory traversal vulnerability in Allegra's downloadAttachmentGlobal function allows authenticated attackers to read arbitrary files on the se...
Nov 22, 2024
This vulnerability in Gradio allows attackers with access to the application to read arbitrary files from the server when using File or UploadButton c...
Nov 6, 2024
A symlink traversal vulnerability in the containers/storage library used by Podman, Buildah, and CRI-O allows malicious container images to cause deni...
Oct 15, 2024
OpenC3 COSMOS contains a path traversal vulnerability in LocalMode's open_local_file method that allows authenticated users with adequate permissions ...
Oct 2, 2024
This vulnerability allows authenticated attackers to perform local file inclusion (LFI) through path traversal in the Product Carousel Slider & Grid U...
Sep 23, 2024
CVE-2024-46647 is a directory traversal vulnerability in eNMS versions 4.4.0 through 4.7.1 that allows attackers to upload files to arbitrary location...
Sep 20, 2024
Mage AI has a path traversal vulnerability in its Git Content request that allows remote users with the 'Viewer' role to read arbitrary files from the...
Aug 23, 2024
This vulnerability allows authenticated remote attackers to perform directory traversal attacks on Logsign Unified SecOps Platform installations. By e...
Aug 21, 2024
This path traversal vulnerability in the WordPress BetterDocs plugin allows attackers to include local PHP files through improper path validation. It ...
Aug 13, 2024
This vulnerability in Bert-VITS2 allows attackers to write arbitrary files to the server by manipulating the data_dir parameter. It affects all users ...
Jul 22, 2024
Authenticated users in StoneFly Storage Concentrator (SC and SCVM) versions before 8.0.4.26 can exploit a directory traversal vulnerability via the On...
Jul 12, 2024
This vulnerability allows attackers to perform path traversal attacks in the ExS Widgets WordPress plugin, enabling PHP local file inclusion. Attacker...
Jul 12, 2024
This path traversal vulnerability in the HT Mega WordPress plugin allows attackers to access files outside the intended directory by manipulating file...
Jul 12, 2024
This path traversal vulnerability in the ShopBuilder WordPress plugin allows attackers to access files outside the intended directory. It affects Word...
Jul 9, 2024
This path traversal vulnerability in the vCita Online Booking & Scheduling Calendar WordPress plugin allows attackers to access files outside the inte...
Jul 9, 2024
This path traversal vulnerability in the AWSM Team WordPress plugin allows attackers to read arbitrary files on the server by manipulating file paths....
Jul 9, 2024
This CVE describes a path traversal vulnerability in the Livemesh Addons for Elementor WordPress plugin. It allows attackers to read arbitrary files o...
Jul 6, 2024
This path traversal vulnerability in WhatsUp Gold allows unauthenticated attackers to access files outside the intended directory via specially crafte...
Jun 25, 2024
This CVE describes a path traversal vulnerability in the WordPress Slideshow SE plugin that allows authenticated users with author-level permissions t...
Jun 21, 2024
CVE-2024-36527 is a directory traversal vulnerability in puppeteer-renderer that allows attackers to read sensitive server files by manipulating URL p...
Jun 17, 2024
About Path Traversal (CWE-22)
Our database tracks 2,197 CVEs classified as CWE-22, with 530 rated critical and 1,121 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.