CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,216)
This critical vulnerability in Pichome 2.1.0 allows remote attackers to perform path traversal attacks via the 'src' parameter in /index.php?mod=textv... (Feb 27, 2025)
This vulnerability allows remote attackers to perform directory traversal attacks on IBM Cloud Pak System. By sending specially crafted URLs containin... (Jan 25, 2025)
BigFix Patch Download Plug-ins contain a path traversal vulnerability (CWE-22) that allows authenticated operators to download arbitrary files from th... (Jan 23, 2025)
This input validation vulnerability in Qualifio's Wheel of Fortune allows attackers to bypass email validation by adding '+' symbols to email addresse... (Jan 21, 2025)
This path traversal vulnerability (CWE-22) in multiple Fortinet products allows attackers to escalate privileges by sending specially crafted packets.... (Jan 16, 2025)
This critical path traversal vulnerability in the Reggie 1.0 application allows attackers to access arbitrary files on the server by manipulating the ... (Jan 13, 2025)
The InfiniteWP Client WordPress plugin contains a path traversal vulnerability that allows unauthenticated attackers to read .txt files outside intend... (Jan 8, 2025)
This path traversal vulnerability in FitNesse allows attackers to check for file existence and potentially read partial file contents by manipulating ... (Nov 15, 2024)
This vulnerability allows remote attackers to view directory listings in PHPGurukul User Registration & Login and User Management System 3.2 via the /... (Nov 14, 2024)
This vulnerability in Werkzeug's safe_join() function on Windows with Python < 3.11 allows UNC path bypass, potentially enabling directory traversal a... (Oct 25, 2024)
An unauthenticated remote attacker can exploit a path traversal vulnerability in Siemens SINEC Security Monitor to write files outside intended direct... (Oct 8, 2024)
This vulnerability allows attackers to read arbitrary files on WordPress servers by exploiting a path traversal flaw in the Void Elementor Post Grid A... (Aug 19, 2024)
This vulnerability allows unauthorized users to access the deploy directory on PingFederate runtime nodes, potentially exposing sensitive configuratio... (Jul 9, 2024)
A path traversal vulnerability in Synology Camera firmware allows remote attackers to read specific non-sensitive files via the Language Settings func... (Jun 28, 2024)
This vulnerability allows unauthenticated attackers to read arbitrary files on WhatsUp Gold servers with IIS application pool privileges. It affects W... (Jun 25, 2024)
This vulnerability in Virto Bulk File Download for SharePoint allows attackers to force the server to authenticate to a malicious UNC share, potential... (Jun 24, 2024)
This CVE describes a directory traversal vulnerability in TIBCO EBX software that allows attackers to access sensitive files outside the intended dire... (Jun 13, 2024)
This vulnerability in @jmondi/url-to-png allows attackers to read arbitrary files from the server by exploiting Playwright's screenshot feature with f... (Jun 10, 2024)
This vulnerability in h2oai/h2o-3 version 3.40.0.4 allows remote attackers to view the entire filesystem path structure where the application is hoste... (Jun 6, 2024)
DSpace has a path traversal vulnerability in its Simple Archive Format (SAF) import functionality that allows attackers to read arbitrary files on the... (Jul 15, 2025)
A path traversal vulnerability in Samsung Members app allows attackers to read and write arbitrary files with the app's privileges. This affects Samsu... (May 7, 2025)
A directory traversal vulnerability in Ianproxy v0.1 and earlier allows remote attackers to access sensitive files outside the intended directory. Thi... (Feb 11, 2025)
This path traversal vulnerability in Fortinet FortiRecorder allows privileged attackers to delete arbitrary files from the underlying filesystem via c... (Jan 14, 2025)
A path traversal vulnerability in My Text Editor v1.6.2 allows attackers to write arbitrary files to internal storage, potentially causing Denial of S... (Feb 5, 2026)
A path traversal vulnerability in Moo Chan Song v4.5.7 allows attackers to write arbitrary files to internal storage, potentially causing Denial of Se... (Feb 4, 2026)
Signal K Server versions prior to 2.20.3 on Windows systems contain a path traversal vulnerability in the applicationData API. Authenticated users can... (Feb 2, 2026)
This CVE describes a path traversal vulnerability in Rarlab RAR App for Android that allows attackers to read or write arbitrary files remotely. Only ... (Dec 5, 2025)
This critical vulnerability in Vvvebjs allows remote attackers to perform path traversal attacks via the 'File' parameter in /save.php. Attackers can ... (Aug 4, 2025)
This vulnerability in OpenBSD's readdir function allows directory traversal attacks when processing untrusted file systems. Attackers could potentiall... (Dec 5, 2024)
This vulnerability allows an attacker to create arbitrary directories on a Salt master via directory traversal in the syndic cache directory creation.... (Jun 27, 2024)
This path traversal vulnerability in WordPress allows authenticated users with contributor-level permissions to read arbitrary HTML files on Windows s... (Jun 25, 2024)
The BFG Tools – Extension Zipper WordPress plugin up to version 1.0.7 contains a path traversal vulnerability in the zip() function. Authenticated a... (Feb 14, 2026)
This path traversal vulnerability in QNAP File Station 5 allows authenticated administrators to read arbitrary files on the system. Attackers who comp... (Feb 11, 2026)
The ShortPixel Image Optimizer WordPress plugin contains a path traversal vulnerability that allows authenticated attackers with Editor-level permissi... (Feb 5, 2026)
The Code Explorer WordPress plugin up to version 1.4.6 contains a path traversal vulnerability in the 'file' parameter. This allows authenticated atta... (Feb 4, 2026)
A path traversal vulnerability in QNAP operating systems allows authenticated administrators to read arbitrary files. This affects QNAP NAS devices ru... (Jan 2, 2026)
This CVE describes a path traversal vulnerability in QNAP operating systems that allows authenticated attackers with administrator privileges to read ... (Jan 2, 2026)
The Zephyr Project Manager WordPress plugin has a directory traversal vulnerability that allows authenticated users with Custom-level access or higher... (Dec 17, 2025)
This vulnerability in Weaviate OSS allows attackers to read arbitrary files accessible to the service process when specific conditions are met. It aff... (Dec 12, 2025)
The WatchTowerHQ WordPress plugin contains an arbitrary file read vulnerability that allows authenticated attackers with administrator privileges and ... (Dec 12, 2025)
The Simple Download Counter WordPress plugin has a path traversal vulnerability that allows authenticated attackers with Administrator privileges to r... (Dec 10, 2025)
This vulnerability allows authenticated administrators in Cisco Unified CCX web UI to perform directory traversal attacks, potentially accessing arbit... (Nov 5, 2025)
This vulnerability allows authenticated attackers to download arbitrary files from affected Aruba networking devices through path traversal attacks. I... (Oct 14, 2025)
This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems through a... (Oct 14, 2025)
The Error Log Viewer WordPress plugin contains a directory traversal vulnerability that allows authenticated attackers with Administrator privileges t... (Oct 11, 2025)
A path traversal vulnerability in QNAP operating systems allows authenticated attackers with administrator privileges to read arbitrary files. This af... (Oct 3, 2025)
A path traversal vulnerability in QNAP operating systems allows authenticated attackers with administrator privileges to read arbitrary files. This af... (Aug 29, 2025)
This path traversal vulnerability in the Barcode Scanner with Inventory & Order Manager WordPress plugin allows attackers to download arbitrary files ... (Aug 14, 2025)
This vulnerability allows authenticated administrators on Ivanti Policy Secure to read arbitrary files through specially crafted web requests. It affe... (Jul 12, 2025)
This path traversal vulnerability in the WordPress Plugin Inspector plugin allows attackers to download arbitrary files from the server by manipulatin... (Jun 27, 2025)
About Path Traversal (CWE-22)
Our database tracks 2,216 CVEs classified as CWE-22, with 531 rated critical and 1,138 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.