CWE-22: Path Traversal

MoneyPrinterTurbo 1.2.6 contains a path traversal vulnerability that allows attackers to read arbitrary files on the server via specially crafted down...

This path traversal vulnerability in kalcaddle kodbox 1.61 allows remote attackers to read or write arbitrary files by manipulating the 'path' paramet...

This is a critical path traversal vulnerability in MigoXLab LMeterX 1.2.0 that allows attackers to access arbitrary files on the server by manipulatin...

This critical path traversal vulnerability in gooaclok819 sublinkX allows attackers to access arbitrary files on the server by manipulating the filena...

A critical path traversal vulnerability in diyhi bbs 6.8 allows remote attackers to manipulate directory paths via the dirName parameter in the API co...

This critical vulnerability in Spring-Boot-In-Action allows attackers to perform path traversal attacks via the filename parameter in the watermarkTes...

This critical vulnerability in quequnlong shiyi-blog allows remote attackers to perform path traversal attacks via the /api/file/upload endpoint. By m...

This critical path traversal vulnerability in jammy928 CoinExchange_CryptoExchange_Java allows attackers to write arbitrary files to server directorie...

This critical vulnerability in merikbest ecommerce-spring-reactjs allows attackers to perform path traversal attacks via the filename parameter in the...

This vulnerability allows a sandboxed process to bypass sandbox restrictions through a path handling issue. It affects Apple iOS, iPadOS, and macOS us...

This critical vulnerability in lenve VBlog allows remote attackers to perform path traversal attacks via the uploadImg function's filename parameter. ...

CVE-2024-57248 is a directory traversal vulnerability in Gleamtech FileVista 9.2.0.0 that allows attackers to bypass access controls and upload malici...

A critical path traversal vulnerability in SourceCodester Simple Forum-Discussion System 1.0 allows remote attackers to access arbitrary files on the ...

This critical vulnerability in JFinalCMS allows remote attackers to perform path traversal attacks via the 'name' parameter in the delete function of ...

This path traversal vulnerability in Xiaomi File Manager allows attackers to write arbitrary files to sensitive locations by manipulating file paths. ...

CVE-2024-41373 is a path traversal vulnerability in ICEcoder 8.1 that allows attackers to read arbitrary files on the server via lib/backup-versions-p...

This vulnerability in Ghostscript allows path traversal attacks via crafted PostScript documents, enabling unauthorized file access when the current d...

This path traversal vulnerability in OTRS and ((OTRS)) Community Edition allows authenticated users (agents or customers) to upload malicious files to...

Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through API requests. By manipul...

This vulnerability allows attackers to access files outside the intended directory through path traversal in Innorix WP. It affects all versions of In...

PDFPatcher contains a directory traversal vulnerability (CWE-22) where the executable fails to validate user-supplied file paths, allowing attackers t...

This vulnerability in the ObsidianReader class of llama_index allows attackers to bypass path restrictions using hardlinks, potentially accessing sens...

A path traversal vulnerability in the Bluetooth module allows attackers to access files outside the intended directory. This affects devices with vuln...

A path traversal vulnerability in the 'deleteFiles' function of GE HealthCare's Common Service Desktop component allows attackers to delete arbitrary ...

OpenClaw versions 2026.1.16-2 through 2026.2.13 contain a path traversal vulnerability in archive extraction during installation commands. Attackers c...

OpenClaw versions before 2026.2.14 have a path traversal vulnerability in sandbox skill mirroring when enabled. Attackers can craft skill packages wit...

CVE-2025-65076 is a path traversal vulnerability in WaveView client's ilog script that allows high-privileged attackers to read or delete any file on ...

A directory traversal vulnerability in Solon v3.1.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via the solon-faas-luffy com...

A zip path traversal vulnerability in Mendix Studio Pro allows attackers to write or modify arbitrary files outside a developer's project directory by...

A path traversal vulnerability in ShortcutService on Samsung devices allows a privileged local attacker to create arbitrary files with system privileg...

A directory traversal vulnerability in Beam beta9 v0.1.521 allows remote attackers to access sensitive files outside the intended directory via the jo...

This path traversal vulnerability in Dell PowerProtect Data Domain allows high-privileged local attackers to access restricted directories, potentiall...

This path traversal vulnerability in Fortinet FortiManager and FortiAnalyzer allows authenticated admin users with diagnose privileges to delete arbit...

This vulnerability in Cacti allows administrators to read arbitrary local files on the server by manipulating the Poller Standard Error Log Path param...

This CVE describes a command injection vulnerability in Palo Alto Networks PAN-OS software that allows authenticated administrators to bypass system r...

This CVE describes a path traversal vulnerability in the Unite Gallery Lite WordPress plugin that allows attackers to include local PHP files. Attacke...

The Feeds for YouTube Pro WordPress plugin has an arbitrary file read vulnerability that allows unauthenticated attackers to read any file on the serv...

Spring Framework MVC applications can be vulnerable to path traversal attacks when deployed on non-compliant Servlet containers, potentially allowing ...

This vulnerability allows unauthenticated attackers to perform directory traversal attacks via the userpro_fbconnect() function in the UserPro WordPre...

This CVE describes a directory traversal vulnerability in aiohttp when using static routes with 'follow_symlinks=True'. Attackers can access arbitrary...

This path traversal vulnerability in Fortinet FortiSOAR Agent Communication Bridge allows unauthenticated attackers to read files accessible to the fo...

This vulnerability in sigstore's legacy TUF client allows a malicious TUF repository to trigger arbitrary file overwriting by exploiting path traversa...

A path traversal vulnerability in allegroai/clearml v2.0.1 allows attackers to write arbitrary files outside intended directories via improper handlin...

CVE-2025-42970 is a path traversal vulnerability in SAPCAR archive extraction tool that allows attackers to overwrite arbitrary files on a victim's sy...

GraphQL Mesh has a path traversal vulnerability in its static file handler that allows attackers to access arbitrary files on the server filesystem. T...

This path traversal vulnerability in Komtera Technologies KLog Server allows attackers to manipulate web input to access files outside the intended di...

This directory traversal vulnerability in VONETS VAP11G-300 routers allows attackers to access sensitive files by manipulating HTTP requests. Attacker...

This path traversal vulnerability in OpenText iManager 3.2.6.0200 allows attackers to access files outside the intended directory. It can lead to priv...

CVE-2025-13435 is a path traversal vulnerability in Dreampie Resty's HttpClient module that allows attackers to access arbitrary files on the server b...

This vulnerability in SaltStack allows attackers to overwrite files in the pki directory by exploiting improper path validation when processing on-dem...