CWE-22: Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences that can resolve to a location outside of that directory.
All Path Traversal CVEs (2,216)
May 23, 2025: This path traversal vulnerability in Infocob CRM Forms WordPress plugin allows attackers to download arbitrary files from the server by manipulating f...
May 23, 2025: This path traversal vulnerability in the Nomupay Payment Processing Gateway WordPress plugin allows attackers to download arbitrary files from the ser...
Apr 22, 2025: This path traversal vulnerability in Zyxel AMG1302-T10B firmware allows authenticated administrators to access restricted directories via crafted HTTP...
Apr 3, 2025: This path traversal vulnerability in the Fonto WordPress plugin allows attackers to download arbitrary files from the server by manipulating file path...
Mar 22, 2025: This vulnerability in the Export and Import Users and Customers WordPress plugin allows authenticated attackers with Administrator privileges to perfo...
Mar 20, 2025: This vulnerability allows authenticated WordPress administrators to perform directory traversal attacks via the Order Export & Order Import for WooCom...
Mar 5, 2025: This path traversal vulnerability (CWE-22) in Ixia/Keysight products allows attackers to delete arbitrary files on the system. It affects Ixia/Keysigh...
Mar 3, 2025: A path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below allows authenticated administrators to access files outside intended dire...
Mar 3, 2025: A path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below allows remote authenticated attackers with admin privileges to access fil...
Feb 16, 2025: This path traversal vulnerability in the Keep Backup Daily WordPress plugin allows attackers to download arbitrary files from the server by manipulati...
Feb 13, 2025: This path traversal vulnerability in Synology Active Backup for Business allows authenticated administrators to delete arbitrary files on the system. ...
Feb 3, 2025: This path traversal vulnerability in the WOLF WordPress plugin allows attackers to access files outside the intended directory. It affects all WordPre...
Jan 31, 2025: This vulnerability allows authenticated users with read access to the Juju controller model to download arbitrary files from the controller's filesyst...
Jan 24, 2025: This path traversal vulnerability in WP Ultimate Exporter allows attackers to read arbitrary files on the server by manipulating file paths. It affect...
Jan 2, 2025: This path traversal vulnerability in the WPMasterToolKit WordPress plugin allows attackers to download arbitrary files from the server by manipulating...
Dec 27, 2024: A directory traversal and local file inclusion vulnerability in Kurmi Provisioning Suite allows authenticated administrators to access arbitrary files...
Nov 22, 2024: This path traversal vulnerability in QNAP operating systems allows remote attackers with administrator access to read arbitrary files outside intended...
Nov 22, 2024: This path traversal vulnerability in QNAP operating systems allows remote attackers with administrator access to read arbitrary files outside intended...
Nov 21, 2024: This vulnerability allows an authenticated administrator user in Wowza Streaming Engine to read arbitrary files on the server through path traversal. ...
Nov 14, 2024: This path traversal vulnerability in the WOLF WordPress plugin allows attackers to access files outside the intended directory by manipulating file pa...
Oct 25, 2024: Funadmin v5.0.2 contains an arbitrary file read vulnerability in the /curd/index/editfile endpoint. This allows attackers to read sensitive files from...
Oct 8, 2024: This vulnerability allows authenticated attackers to read arbitrary files on the underlying operating system with root privileges. It affects Adguard ...
Jul 9, 2024: This path traversal vulnerability in PowerPack Lite for Beaver Builder allows attackers to access files outside the intended directory. It affects Wor...
Jul 9, 2024: This path traversal vulnerability in Tutor LMS WordPress plugin allows attackers to access files outside the intended directory. It affects all Tutor ...
Jun 10, 2024: This path traversal vulnerability in Jordy Meow Database Cleaner WordPress plugin allows attackers to read arbitrary files on the server by manipulati...
Jun 4, 2024: This path traversal vulnerability in the Woocommerce - Recent Purchases plugin allows attackers to include local PHP files on the server through impro...
May 17, 2024: This path traversal vulnerability in the German Mesky GMAce WordPress plugin allows attackers to download arbitrary files from the server by manipulat...
Mar 23, 2023: This vulnerability allows authenticated administrators in Adobe ColdFusion to read arbitrary files on the server through path traversal. Attackers wit...
Sep 25, 2024: This vulnerability allows a rogue administrator in Concrete CMS to inject malicious JavaScript code through the Image Editor Background Color feature,...
Jan 18, 2026: This CVE describes a path traversal vulnerability in Sanluan PublicCMS that allows attackers to write files to arbitrary locations on the server. The ...
Dec 28, 2025: This vulnerability in TinyFileManager allows attackers to perform path traversal attacks by manipulating the 'fullpath' parameter in tinyfilemanager.p...
Oct 27, 2025: CVE-2025-12250 is a path traversal vulnerability in OpenWGA 7.11.12 Build 737 that allows attackers to access files outside the intended directory via...
Oct 19, 2025: This vulnerability in ChurchCRM allows attackers to perform path traversal attacks via the restoreFile parameter in the backup restore functionality. ...
Aug 6, 2025: This vulnerability allows authenticated privileged users to modify non-sensitive files through path traversal in the CLI's limited shell. It affects E...
Jul 14, 2025: This critical vulnerability in jshERP allows remote attackers to perform path traversal attacks via the Title parameter in the exportExcelByParam func...
Mar 12, 2025: This critical vulnerability in Doufox allows remote attackers to perform path traversal attacks by manipulating the 'dir' parameter in the /?s=doudou&...
Nov 22, 2024: This vulnerability allows authenticated remote attackers to bypass authentication and execute arbitrary code on Allegra installations via directory tr...
Nov 22, 2024: This vulnerability allows authenticated remote attackers to bypass authentication and execute arbitrary code via a directory traversal flaw in Allegra...
Feb 25, 2026: CVE-2025-11563 is a path traversal vulnerability in wcurl where URLs containing percent-encoded slashes (like %2F or %5C) can trick the tool into savi...
Feb 10, 2026: CVE-2025-12757 is an information disclosure vulnerability in AXIS Camera Station Pro where non-admin users can access restricted information. This aff...
Jan 30, 2026: This vulnerability in HIKSEMI NAS products allows attackers to access sensitive system files through improper filename handling. It affects users of c...
Oct 2, 2025: This path traversal vulnerability in Canonical LXD LXD-UI allows authenticated attackers to access or modify resources outside intended directories by...
Dec 23, 2025: This vulnerability allows authenticated attackers on the same network to create arbitrary files on OPNsense systems. The flaw exists in the backup con...
Feb 13, 2025: A path traversal vulnerability in SecureDrop Client allows attackers with existing code execution in one virtual machine to achieve code execution in ...
Mar 11, 2026: OpenClaw versions before 2026.2.17 contain a path traversal vulnerability in the $include directive that allows attackers with config modification cap...
Feb 11, 2026: A path traversal vulnerability in QNAP File Station 5 allows local attackers with administrator privileges to read arbitrary files and system data. Th...
Dec 15, 2025: A path traversal vulnerability in Smartbit CommV Smartschool App allows attackers with local access to manipulate file paths through the be.smartschoo...
Dec 15, 2025: This CVE describes a path traversal vulnerability in the atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. It allows local attackers to access f...
Jun 26, 2025: A path traversal vulnerability in System Information Reporter (SIR) versions 1.0.3 and earlier allows authenticated high-privilege users to create or ...
Oct 11, 2024: A path traversal vulnerability in the lollms-webui allows attackers to perform vectorize operations on arbitrary .sqlite files on the victim's compute...
About Path Traversal (CWE-22)
Our database tracks 2,216 CVEs classified as CWE-22, with 531 rated critical and 1,138 rated high severity. The average CVSS score for Path Traversal vulnerabilities is 7.7.