CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (1,967)
SeaCMS V12.9 contains an arbitrary file write vulnerability in admin_ip.php that allows attackers to write malicious files to the server. This affects... (Sep 27, 2023)
CVE-2022-28357 is a directory traversal vulnerability in NATS nats-server that allows management accounts to access arbitrary files outside the intend... (Sep 19, 2023)
This critical vulnerability in LG LED Assistant allows unauthenticated remote attackers to execute arbitrary code by exploiting improper path validati... (Sep 4, 2023)
CVE-2023-4613 is a critical path traversal vulnerability in LG LED Assistant that allows unauthenticated remote attackers to execute arbitrary code. A... (Sep 4, 2023)
IceWarp Mail Server v10.4.5 contains a local file inclusion vulnerability in the /calendar/minimizer/index.php component that allows attackers to read... (Aug 25, 2023)
CVE-2023-26469 is a critical path traversal vulnerability in Jorani 1.0.0 that allows attackers to access arbitrary files on the server and execute re... (Aug 17, 2023)
This CVE describes a directory traversal vulnerability in Even Balance Punkbuster anti-cheat software that allows remote attackers to execute arbitrar... (Aug 16, 2023)
CVE-2023-39143 is a path traversal vulnerability in PaperCut NG/MF on Windows that allows attackers to upload, read, or delete arbitrary files. When e... (Aug 4, 2023)
This vulnerability in ZKTeco BioTime allows authenticated attackers to perform path traversal attacks via crafted requests to /base/sftpsetting/ endpo... (Aug 3, 2023)
This vulnerability allows attackers to perform path traversal attacks via the 'restore SQL data' filename in Vocera Report Server and Voice Server. By... (Jul 25, 2023)
This CVE describes an authentication bypass vulnerability in Apache Shiro that allows attackers to bypass security controls through path traversal tec... (Jul 24, 2023)
CVE-2023-26563 is a critical directory traversal vulnerability in Syncfusion EJ2 Node File Provider that allows unauthenticated attackers to read, del... (Jul 12, 2023)
CVE-2023-34598 is a Local File Inclusion vulnerability in Gibbon v25.0.0 that allows attackers to read sensitive files from the server's installation ... (Jun 29, 2023)
CVE-2020-19902 is a critical directory traversal vulnerability in Cryptoprof WCMS v0.3.2 that allows remote attackers to execute arbitrary code via th... (Jun 27, 2023)
This vulnerability allows unauthenticated attackers to read, write, or delete arbitrary files on affected systems due to insufficient filename validat... (Jun 26, 2023)
This critical vulnerability allows unauthenticated attackers to upload arbitrary files to Trend Micro Apex One management servers via path traversal, ... (Jun 26, 2023)
CVE-2023-34939 is a critical remote code execution vulnerability in ONLYOFFICE Community Server's UploadProgress.ashx component that allows attackers ... (Jun 22, 2023)
CVE-2023-34880 is a critical path traversal vulnerability in cmseasy CMS that allows attackers to execute arbitrary code via local file inclusion. Thi... (Jun 15, 2023)
A directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files to arbitrary locations on the server via the rename feature. This af... (Jun 14, 2023)
This vulnerability allows unauthenticated remote attackers to bypass authentication in Percona Monitoring and Management (PMM) servers by exploiting p... (Jun 6, 2023)
Keyboard Themes 1.275.1.164 for Android contains a path traversal vulnerability that allows unauthorized apps to write arbitrary files to its internal... (Jun 1, 2023)
This vulnerability allows remote attackers to execute arbitrary code on AudioCodes Device Manager Express servers via directory traversal in file uplo... (May 29, 2023)
A directory traversal vulnerability in MW WP Form plugin versions 4.4.2 and earlier allows unauthenticated remote attackers to access files outside th... (May 23, 2023)
A directory traversal vulnerability in Snow Monkey Forms allows unauthenticated attackers to access files outside the intended directory. This affects... (May 23, 2023)
MicroEngine Mailform versions 1.1.0 to 1.1.8 contain a path traversal vulnerability in the file upload function. When the server save option is enable... (May 23, 2023)
WebPlus Pro v1.4.7.8.4-01 has an incorrect access control vulnerability (CWE-22) that allows attackers to bypass authentication or authorization mecha... (May 23, 2023)
A path traversal vulnerability in imo.im allows attackers to write malicious shared libraries to the application's data directory via unsanitized deep... (May 4, 2023)
This vulnerability in Timmystudios Fast Typing Keyboard allows unauthorized apps to overwrite arbitrary files in the keyboard's internal storage via a... (Apr 14, 2023)
This CVE describes a directory traversal vulnerability in T-ME Studios' 'Change Color of Keypad' Android app that allows remote attackers to execute a... (Apr 14, 2023)
The Hummingbird WordPress plugin before version 3.4.2 has a path traversal vulnerability in its page cache module. Attackers can write arbitrary files... (Apr 10, 2023)
BiblioCraft mod for Minecraft has a path traversal vulnerability that allows attackers to write files to arbitrary locations on the filesystem. This c... (Apr 7, 2023)
CVE-2020-19279 is a directory traversal vulnerability in B3log Wide that allows attackers to access arbitrary files on the server via symbolic link ma... (Apr 4, 2023)
This is a critical path traversal vulnerability in Ivanti Avalanche that allows authenticated attackers to bypass authentication mechanisms and execut... (Mar 29, 2023)
This critical vulnerability in DCN DCBI-Netlog-LAB allows unauthenticated attackers to bypass authentication and execute arbitrary commands on affecte... (Mar 26, 2023)
CVE-2023-27855 is a critical path traversal vulnerability in Rockwell Automation's ThinManager ThinServer that allows unauthenticated remote attackers... (Mar 22, 2023)
CVE-2023-28371 is a path traversal vulnerability in Stellarium that allows attackers to write files to unintended locations using absolute paths or di... (Mar 15, 2023)
This CVE describes a directory traversal vulnerability in Wyomind Help Desk Magento 2 extension that allows attackers to execute arbitrary code via fi... (Mar 8, 2023)
This is a path traversal vulnerability in SS1 and Rakuraku PC Cloud Agent software that allows attackers to upload files to arbitrary directories. Whe... (Mar 6, 2023)
This CVE describes a path traversal vulnerability in FlatPress blogging software that allows attackers to read arbitrary files on the server. It affec... (Feb 22, 2023)
This CVE describes a directory traversal vulnerability in AdminLTE 3.1.0 that allows remote attackers to access sensitive admin pages via specific URI... (Feb 7, 2023)
CVE-2022-45969 is a directory traversal vulnerability in Alist v3.4.0 that allows attackers to access files outside the intended directory. This affec... (Dec 15, 2022)
This CVE describes a Local File Inclusion (LFI) vulnerability in Portal do Software Publico Brasileiro i3geo version 7.0.5 that allows attackers to ex... (Jul 14, 2022)
This vulnerability allows attackers to read arbitrary files on the server through absolute path traversal in the adriankoczuruek/ceneo-web-scrapper re... (Jul 11, 2022)
CVE-2022-25046 is a critical path traversal vulnerability in CentOS Web Panel (CWP) that allows unauthenticated attackers to execute arbitrary code on... (Jul 7, 2022)
CVE-2022-28945 is a critical directory traversal vulnerability in Webbank WeCube v3.2.2 that allows attackers to write arbitrary files to the server f... (Jun 2, 2022)
This vulnerability in dpkg allows directory traversal when extracting specially crafted source packages, enabling attackers to write arbitrary files o... (May 26, 2022)
CVE-2022-29596 is an authentication bypass vulnerability in MicroStrategy Enterprise Manager 2022 that allows attackers to bypass login controls throu... (May 11, 2022)
This vulnerability allows attackers to bypass access controls on specific REST API endpoints in Zoho ManageEngine products by using '../RestAPI' in UR... (Apr 28, 2022)
The Admin Word Count Column WordPress plugin through version 2.2 contains a path traversal vulnerability in the readfile() function that allows unauth... (Apr 25, 2022)
CVE-2022-29464 is a critical unrestricted file upload vulnerability in multiple WSO2 products that allows attackers to upload malicious files to web-a... (Apr 18, 2022)
About Path Traversal (CWE-22)
Our database tracks 1,967 CVEs classified as CWE-22, with 440 rated critical and 988 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.6.