CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,216)
This vulnerability allows authenticated attackers to delete arbitrary files on CTCMS Content Management System servers via path traversal in the file ...
May 11, 2025
This vulnerability in Misskey allows malicious AiScript code to bypass API endpoint restrictions by using directory traversal sequences (../) to acces...
May 5, 2025
This critical vulnerability in ruoyi-vue-pro 2.4.1 allows attackers to perform path traversal attacks through the material upload interface. By manipu...
Mar 25, 2025
This critical vulnerability in ruoyi-vue-pro 2.4.1 allows remote attackers to perform path traversal attacks through the material upload interface. By...
Mar 25, 2025
This critical vulnerability in zhijiantianya ruoyi-vue-pro 2.4.1 allows remote attackers to perform path traversal attacks via the /admin-api/infra/fi...
Mar 24, 2025
The Download Manager plugin for WordPress has a directory traversal vulnerability that allows authenticated attackers with Author-level permissions or...
Mar 13, 2025
This path traversal vulnerability in Apache Doris allows authenticated application administrators to read arbitrary files from the server filesystem. ...
Feb 4, 2025
This critical vulnerability in CmsEasy 7.7.7.9 allows remote attackers to perform path traversal attacks via the select[] parameter in the backAll_act...
Feb 3, 2025
This vulnerability in SiYuan personal knowledge management systems allows attackers to write arbitrary files to the host server and execute stored cro...
Dec 12, 2024
This critical vulnerability in Landray EKP allows remote attackers to perform path traversal attacks via the deleteFile API endpoint. Attackers can de...
Nov 15, 2024
MyPower vc8100 V100R001C00B030 contains an arbitrary file read vulnerability in the /tcpdump/tcpdump.php component via the menu_uuid parameter. This a...
Jul 5, 2024
This vulnerability in EnvisionWare Computer Access & Reservation Control SelfCheck v1.0 allows unauthenticated attackers on the same network to perfor...
Jun 24, 2024
This CVE describes a path traversal vulnerability in Apache PDFBox's ExtractEmbeddedFiles example code. Attackers can exploit this to write files outs...
Mar 10, 2026
This CVE describes a path traversal vulnerability in Tsinghua Unigroup Electronic Archives System version 3.2.210802(62532). Attackers can remotely ex...
Mar 8, 2026
This vulnerability in changedetection.io allows unauthenticated attackers to read application source files through a directory traversal flaw in the s...
Feb 19, 2026
A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 routers allows remote attackers to delete arbi...
Feb 11, 2026
A path traversal vulnerability in Backstage's TechDocs local generator allows attackers to read arbitrary files from the host filesystem when processi...
Jan 30, 2026
CVE-2025-67083 is a directory traversal vulnerability in InvoicePlane that allows unauthenticated attackers to read arbitrary files from the server. T...
Jan 15, 2026
This CVE describes a Path Traversal (Zip Slip) vulnerability in MONAI's _download_from_ngc_private() function that allows attackers to write arbitrary...
Jan 7, 2026
This vulnerability in AIOHTTP allows attackers to determine the existence of absolute path components through path normalization logic in static file ...
Jan 5, 2026
This is a path traversal vulnerability in yeqifu carRental software that allows attackers to access arbitrary files on the server by manipulating the ...
Jan 2, 2026
A path traversal vulnerability in Municorn FAX App 3.27.0 for Android allows local attackers to access files outside the intended directory. This affe...
Dec 15, 2025
A path traversal vulnerability in the Jehovah's Witnesses JW Library App for Android allows local attackers to access files outside the intended direc...
Dec 13, 2025
This vulnerability allows local attackers to perform path traversal attacks in the Rareprob HD Video Player All Formats App on Android, potentially ov...
Dec 2, 2025
A path traversal vulnerability in jsnjfz WebStack-Guns 1.0 allows remote attackers to read arbitrary files on the server by manipulating the renderPic...
Dec 1, 2025
CVE-2025-12972 is a path traversal vulnerability in Fluent Bit's out_file plugin that allows attackers to write files outside the intended output dire...
Nov 24, 2025
This vulnerability allows attackers to bypass middleware validation checks in Astro web applications by using URL-encoded path variants. The mismatch ...
Nov 19, 2025
This CVE describes a path traversal vulnerability in wwwlike vlife software up to version 2.0.1. Attackers can manipulate the fileName parameter in th...
Nov 17, 2025
A path traversal vulnerability in the lsfusion platform allows attackers to manipulate the Version parameter in DownloadFileRequestHandler to access a...
Nov 17, 2025
CVE-2025-42919 is an information disclosure vulnerability in SAP NetWeaver Application Server Java that allows unauthenticated attackers to access int...
Nov 11, 2025
This path traversal vulnerability in Fortinet FortiDLP Agent's Outlookproxy plugin allows authenticated attackers to escalate privileges to LocalServi...
Oct 16, 2025
SAP Commerce Cloud contains a path traversal vulnerability that allows users to access the Administration Console from addresses where it's not explic...
Oct 14, 2025
Dell PowerProtect Data Domain systems running vulnerable DD OS versions contain a path traversal vulnerability in the UI that allows unauthenticated r...
Oct 7, 2025
This CVE describes a path traversal vulnerability in Four-Faith Water Conservancy Informatization Platform that allows attackers to access arbitrary f...
Oct 6, 2025
This CVE describes a path traversal vulnerability in Four-Faith Water Conservancy Informatization Platform up to version 2.2. Attackers can remotely m...
Oct 6, 2025
FreshRSS versions 1.26.3 and below contain a path traversal vulnerability in the theme field that allows attackers to enumerate server directories. Th...
Sep 30, 2025
This CVE describes a path traversal vulnerability in Four-Faith Water Conservancy Informatization Platform 1.0 that allows attackers to access arbitra...
Sep 26, 2025
This directory traversal vulnerability in Sync In server allows authenticated attackers to read and write arbitrary files on the system by exploiting ...
Sep 19, 2025
This CVE describes a path traversal vulnerability in Four-Faith Water Conservancy Informatization Platform 1.0. Attackers can manipulate the fileName ...
Sep 19, 2025
This CVE describes a path traversal vulnerability in Four-Faith Water Conservancy Informatization Platform 1.0. Attackers can manipulate the fileName ...
Sep 19, 2025
A path traversal vulnerability in MoneyPrinterTurbo allows attackers to access arbitrary files on the server by manipulating the file_path parameter i...
Sep 15, 2025
This vulnerability in Vite allows attackers to bypass server.fs restrictions and access files outside the public directory when specific conditions ar...
Sep 8, 2025
Group-Office versions before 6.8.119 and 25.0.20 contain a path traversal vulnerability that allows attackers to access files outside the intended dir...
Aug 21, 2025
This CVE describes a path traversal vulnerability in Adobe Commerce that allows attackers to bypass security restrictions and modify limited data with...
Aug 12, 2025
This CVE describes a path traversal vulnerability in Kingdee Cloud-Starry-Sky Enterprise Edition that allows attackers to delete arbitrary files by ma...
Aug 4, 2025
This CVE describes a path traversal vulnerability in Python's tarfile module when using extraction filters. It allows attackers to modify file metadat...
Jun 3, 2025
This vulnerability in Vite allows attackers to bypass file access restrictions and read sensitive files from the project root directory. Only affects ...
May 1, 2025
This path traversal vulnerability in the MyTicket Events WordPress plugin allows attackers to read files outside the intended directory. It affects al...
Apr 17, 2025
This critical vulnerability in GuoMinJim PersonManage 1.0 allows remote attackers to perform path traversal attacks via the Request parameter in the /...
Apr 1, 2025
This vulnerability in the gradio-app/gradio repository allows attackers to bypass file access restrictions on Windows systems using NTFS Alternate Dat...
Mar 20, 2025
About Path Traversal (CWE-22)
Our database tracks 2,216 CVEs classified as CWE-22, with 531 rated critical and 1,138 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.
External reference: CWE-22 on MITRE CWE