CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,216)
CVE-2026-29780 is a path traversal vulnerability in eml_parser's example script that allows arbitrary file writes outside intended directories. Attack... (Mar 7, 2026)
This CVE describes a path traversal vulnerability in ZenTao's Committer component that allows attackers to delete arbitrary files by manipulating the ... (Feb 16, 2026)
A path validation vulnerability in macOS allows malicious applications to bypass directory restrictions and access sensitive user data. This affects m... (Feb 11, 2026)
A path validation vulnerability in Apple operating systems allows applications to access sensitive user data through improper directory path parsing. ... (Feb 11, 2026)
A path validation vulnerability in macOS and visionOS allows applications to bypass directory restrictions and access sensitive user data. This affect... (Feb 11, 2026)
A path handling vulnerability in macOS allows applications to bypass intended restrictions and access sensitive user data. This affects macOS systems ... (Feb 11, 2026)
A path handling vulnerability in iOS/iPadOS backup restoration allows malicious backup files to modify protected system files. This affects users who ... (Feb 11, 2026)
This vulnerability allows attackers to read arbitrary files on Outline servers by exploiting path traversal during JSON import. Attackers can embed se... (Feb 11, 2026)
The Post Slides WordPress plugin through version 1.0.1 contains a Local File Inclusion (LFI) vulnerability. Authenticated users with contributor-level... (Feb 7, 2026)
This vulnerability in melange allows attackers to read arbitrary files from the host system through path traversal in license file paths. Attackers wh... (Feb 4, 2026)
A path traversal vulnerability in Samsung Members app allows local attackers to overwrite arbitrary files within the app's data directory. This affect... (Feb 4, 2026)
This vulnerability in malcontent allows attackers to create symbolic links outside the intended extraction directory when scanning specially crafted t... (Jan 29, 2026)
A path traversal vulnerability in Zohocorp ManageEngine ADManager Plus allows attackers to access files outside the intended directory through the Use... (Jan 13, 2026)
A path validation vulnerability in macOS allows applications to bypass directory restrictions and access sensitive user data. This affects macOS Sonom... (Dec 12, 2025)
A path validation vulnerability in macOS allows applications to access sensitive user data through improper directory path parsing. This affects macOS... (Dec 12, 2025)
A path validation vulnerability in macOS allows applications to bypass directory restrictions and access sensitive user data. This affects macOS Ventu... (Nov 21, 2025)
A path validation vulnerability in macOS allows applications to bypass directory restrictions and access sensitive user data. This affects macOS Sequo... (Nov 4, 2025)
This vulnerability in the BlindMatrix e-Commerce WordPress plugin allows authenticated users (including contributors) to perform Local File Inclusion ... (Oct 15, 2025)
A path validation vulnerability in macOS allows applications to bypass directory restrictions and access sensitive user data. This affects macOS syste... (Sep 15, 2025)
This CVE describes a path traversal vulnerability in Android's SliceManagerTest component that allows local attackers to cause permanent denial of ser... (Sep 4, 2025)
This path traversal vulnerability in Fortinet FortiManager and FortiManager Cloud allows authenticated remote attackers to overwrite arbitrary files v... (Aug 12, 2025)
This critical vulnerability in TransformerOptimus SuperAGI allows attackers to perform path traversal attacks via the filename argument in the downloa... (Jun 19, 2025)
This critical path traversal vulnerability in OpenAgents allows attackers to access arbitrary files on the server by manipulating file upload paths. I... (Jun 19, 2025)
This critical vulnerability in Upsonic allows attackers to perform path traversal attacks by manipulating file uploads. It enables unauthorized access... (Jun 19, 2025)
A critical path traversal vulnerability in python-a2a's create_workflow function allows attackers to access files outside intended directories. This a... (Jun 17, 2025)
This vulnerability allows attackers to delete arbitrary files on HPE StoreOnce backup appliances through directory traversal techniques. It affects HP... (Jun 2, 2025)
This CVE describes a path handling vulnerability in Apple operating systems that could allow an app to read sensitive location information. The issue ... (Mar 31, 2025)
This path traversal vulnerability in Fortinet FortiWeb web application firewalls allows attackers to bypass directory restrictions and potentially exe... (Mar 11, 2025)
This Node.js vulnerability on Windows incorrectly handles drive names in path.join(), treating relative paths as root directory references. This allow... (Jan 28, 2025)
This CVE describes a path validation vulnerability in macOS that allows malicious applications to overwrite arbitrary files on the system. It affects ... (Jan 27, 2025)
This vulnerability allows attackers to perform directory traversal attacks through the /php/script_uploads.php component in Zenitel AlphaWeb XE. Attac... (Jan 16, 2025)
A path traversal vulnerability in the action_listcategories() function of Asterisk allows attackers to access files outside the intended directory. Th... (Dec 2, 2024)
This vulnerability in Cisco ISE allows authenticated attackers with Super Admin credentials to read or delete arbitrary files on the system. It affect... (Nov 6, 2024)
This vulnerability allows malicious apps to record the screen without displaying the standard recording indicator on Apple devices. It affects users o... (Sep 17, 2024)
Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking, allowing attackers to execute arbitrary code with elevated privil... (Aug 7, 2024)
This vulnerability in tripleo-ansible allows local attackers to discover sensitive configuration files through brute force directory exploration due t... (Mar 23, 2023)
A path traversal vulnerability in ZenTao's backup handler allows attackers to delete arbitrary files by manipulating the fileName parameter. This affe... (Feb 16, 2026)
This CVE describes a path traversal vulnerability in JavaMall's MinioController delete function that allows attackers to delete arbitrary files on the... (Jan 5, 2026)
This CVE describes a path traversal vulnerability in baowzh hfly's admin interface that allows remote attackers to delete arbitrary files by manipulat... (Dec 11, 2025)
This vulnerability in Synology FileStation's thumb.cgi component allows authenticated users to read and write image files they shouldn't have access t... (Dec 4, 2025)
This CVE describes a path traversal vulnerability in RainyGao DocSys up to version 2.02.36. Attackers can remotely manipulate the 'path' parameter in ... (Oct 12, 2025)
This CVE describes a path traversal vulnerability in 299ko CMS versions up to 2.0.0. Attackers can remotely exploit the getSentDir/delete function in ... (Sep 10, 2025)
This CVE describes a path traversal vulnerability in SimStudioAI sim software where manipulation of the filePath argument allows attackers to access f... (Sep 1, 2025)
This CVE describes a path traversal vulnerability in yeqifu carRental software that allows remote attackers to delete arbitrary files on the server. T... (Aug 29, 2025)
This critical vulnerability in litemall allows attackers to perform path traversal attacks via the delete function in the file handler component. Remo... (Aug 9, 2025)
This critical vulnerability in gorobbs allows remote attackers to perform path traversal attacks via the filename parameter in the ResetUserAvatar API... (Jul 11, 2025)
This critical path traversal vulnerability in risesoft-y9 Digital-Infrastructure allows attackers to delete arbitrary files on the server by manipulat... (Jul 7, 2025)
This vulnerability allows authenticated attackers to write arbitrary files on the system via path traversal in Erxes's GraphQL API. It affects all Erx... (Jun 10, 2025)
This critical path traversal vulnerability in Kingdee Cloud Galaxy Private Cloud BBC System allows attackers to delete arbitrary files by manipulating... (May 21, 2025)
A path traversal vulnerability in SourceCodester Student Result Management System 1.0 allows attackers to access arbitrary files on the server by mani... (May 15, 2025)
About Path Traversal (CWE-22)
Our database tracks 2,216 CVEs classified as CWE-22, with 531 rated critical and 1,138 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.