CWE-22: Path Traversal

This CVE describes a path traversal vulnerability in JoeyBling bootplus that allows attackers to access files outside the intended directory by manipu...

This CVE describes a path traversal vulnerability in Shanghai Lingdang Information Technology's Lingdang CRM software. Attackers can manipulate the 'p...

An authenticated attacker can exploit this vulnerability in AC500 V3 products to read system-wide files and configurations. This affects all AC500 V3 ...

This CVE-2024-12793 is a path traversal vulnerability in PbootCMS that allows attackers to access files outside the intended directory by manipulating...

This CVE describes a path traversal vulnerability in InvoicePlane's invoices.php file that allows attackers to access arbitrary files on the server by...

This CVE describes a path traversal vulnerability in Samsung's Quick Share Agent on Android devices. It allows adjacent attackers (on the same network...

This path traversal vulnerability in Samsung's ThemeCenter allows physical attackers with device access to copy APK files to arbitrary locations using...

This vulnerability affects multiple Siemens industrial network devices where improper filename validation for certificates allows authenticated remote...

RockOA v2.6.5 contains a directory traversal vulnerability in the beifenAction.php file that allows attackers to read arbitrary files on the server by...

This path traversal vulnerability in TpMeCMS allows attackers to access files outside the intended directory by manipulating the 'lang' parameter in t...

This vulnerability allows remote attackers to perform path traversal attacks in Yunke Online School System versions up to 3.0.6. By manipulating the '...

This vulnerability allows remote attackers to perform path traversal attacks via the 'sitio' parameter in the /abcd/opac/php/otros_sitios.php file in ...

This CVE describes a path traversal vulnerability in BeikeShop's exportZip function that allows attackers to access files outside the intended directo...

The WordPress File Upload plugin contains a directory traversal vulnerability that allows authenticated attackers with Contributor-level access or hig...

This vulnerability allows remote attackers to perform directory traversal attacks on IBM Datacap Navigator systems. By sending specially crafted URLs ...

This vulnerability allows directory traversal attacks in Django applications that use custom Storage subclasses. Attackers can potentially read or wri...

The Spectra WordPress plugin (formerly Ultimate Addons for Gutenberg) has a path traversal vulnerability that allows authenticated users with contribu...

This CVE describes a directory traversal vulnerability in SaltStack's master cache creation that allows attackers to write or overwrite files outside ...

CVE-2026-29190 is a path traversal vulnerability in Karapace's backup reader that allows arbitrary file read when processing malicious backup files. T...

A path traversal vulnerability in Vim's tar.vim plugin allows specially crafted tar archives to overwrite arbitrary files when opened. This affects Vi...

A path traversal vulnerability in Samsung's Document scanner allows local attackers to delete arbitrary files with the application's elevated privileg...

A path validation vulnerability in macOS allows applications to escape their sandbox restrictions. This affects macOS Ventura, Sonoma, and Sequoia ver...

A path validation vulnerability in macOS allows applications to bypass directory restrictions and access protected user data. This affects macOS Ventu...

This vulnerability involves insecure permissions in Netgear WNR614 JNR1010V2 routers, allowing attackers to access URLs and directories embedded withi...

This CVE describes a path traversal vulnerability in MuYuCMS 2.7's Template Management Page. Attackers can remotely exploit the delete_dir_file functi...

This vulnerability in GreenCMS allows remote attackers to perform path traversal attacks by manipulating sqlFiles or zipFiles parameters in the File H...

This path traversal vulnerability in Desktop Alert PingAlert allows attackers to load arbitrary external content by manipulating file paths. It affect...

This vulnerability allows local network attackers to perform path traversal attacks via the firmware update service in D-Link DCS-850L cameras. By man...

A vulnerability in Astro framework's development server allows attackers to read arbitrary local image files through the image optimization endpoint. ...

This CVE describes a path traversal vulnerability in jshERP up to version 3.6 that allows remote attackers to manipulate file paths during plugin inst...

A directory traversal vulnerability in SOLIDserver IPAM v8.2.3 allows authenticated administrators to list directories outside their authorized scope ...

This vulnerability in ChestnutCMS allows attackers to perform path traversal attacks via the resourceDownload function, enabling unauthorized file rea...

This CVE describes a path traversal vulnerability in D-Link DCS-700L IP cameras running firmware version 1.03.09. Attackers on the local network can e...

A path traversal vulnerability in Brocade Fabric OS allows local admin users to access files outside intended directories, potentially exposing sensit...

This vulnerability allows attackers to stage files outside the repository boundaries using path traversal sequences (../) in the git_add tool. It affe...

This vulnerability allows unauthenticated attackers to perform path traversal and content injection in DynamicWeb's JobRunnerBackground.aspx file, lea...

This is an unauthenticated path traversal vulnerability in AMR Printer Management 1.01 Beta web service that allows attackers to read arbitrary files ...

A path traversal vulnerability in Digitek ADT1100 and DT950 devices allows attackers to access arbitrary files on the server's file system by manipula...

A relative path traversal vulnerability in Lexmark's Embedded Solutions Framework allows attackers to access files outside intended directories and ex...

This vulnerability in Wikimedia Foundation's CheckUser extension allows unauthorized access to sensitive user contribution data. It affects administra...

This vulnerability in Wikimedia Foundation's TextExtracts extension allows attackers to execute arbitrary code or access sensitive data through improp...

This vulnerability in Wikimedia Foundation's Thanks extension allows attackers to execute unauthorized actions through the ThanksQueryHelper.php file....

This vulnerability in MediaWiki's EnhancedChangesList.php allows attackers to potentially execute unauthorized actions or access sensitive data throug...

This vulnerability in Wikimedia Foundation's CheckUser extension allows unauthorized access to user information. It affects systems running CheckUser ...

This vulnerability in MediaWiki's ApiQueryAllPages.php allows attackers to potentially access or manipulate page data through the API. It affects Medi...

This vulnerability in Wikimedia Foundation's CheckUser extension allows unauthorized access to user information through the UserInfoHandler API endpoi...

This vulnerability in MediaWiki's AuthManager.php allows attackers to bypass authentication mechanisms under specific conditions. It affects all Media...

This vulnerability in MediaWiki's block list functionality could allow attackers to access sensitive information or perform unauthorized actions. It a...

This CVE describes a path traversal vulnerability in pip's wheel archive extraction. When installing a maliciously crafted wheel file, attackers can w...

EAP Legislator contains a path traversal vulnerability in its file extraction functionality. Attackers can craft malicious zipx archives that, when op...