CWE-22: Path Traversal

This vulnerability in MediaWiki's AuthManager.php allows attackers to bypass authentication mechanisms under specific conditions. It affects all Media...

This vulnerability in MediaWiki's block list functionality could allow attackers to access sensitive information or perform unauthorized actions. It a...

This CVE describes a path traversal vulnerability in pip's wheel archive extraction. When installing a maliciously crafted wheel file, attackers can w...

EAP Legislator contains a path traversal vulnerability in its file extraction functionality. Attackers can craft malicious zipx archives that, when op...

SunFounder Pironman Dashboard versions 1.3.13 and earlier contain an unauthenticated path traversal vulnerability in log file API endpoints. Attackers...

This vulnerability in Ralim IronOS affects the ECC/DSA cryptographic implementation in the Pinecilv2 Bluetooth stack. It could allow attackers to comp...

EduSoho versions before 22.4.7 contain an unauthenticated path traversal vulnerability in the classroom-course-statistics export feature. Attackers ca...

A path traversal vulnerability in AdonisJS multipart file handling allows remote attackers to write arbitrary files to arbitrary locations on the serv...

A path traversal vulnerability (CWE-22) in QNAP software for macOS allows local attackers with user accounts to read arbitrary files or system data. T...

An arbitrary file read vulnerability in KEDA allows attackers with permissions to create or modify TriggerAuthentication resources to read any file fr...

This vulnerability in Streama allows authenticated attackers to write arbitrary files to the server filesystem by exploiting path traversal and SSRF i...

The git_init tool in mcp-server-git versions prior to 2025.9.25 allowed arbitrary filesystem path creation of Git repositories without validation. Thi...

This vulnerability allows mcp-server-git instances configured with the --repository flag to bypass path restrictions and perform git operations on una...

NetSupport Manager versions before 14.12.0001 contain an authenticated path traversal vulnerability in the Connectivity Server/Gateway's PUTFILE handl...

APC Network Management Card 4 contains an unauthenticated path traversal vulnerability that allows attackers to read sensitive system files like /etc/...

This path traversal vulnerability in JMRI allows attackers to access files outside the intended directory by manipulating file paths. It affects all J...

A path traversal vulnerability in Console (a network control system for Gorilla Tag mods) allows attackers to escape the intended directory structure ...

A path traversal vulnerability in certain ASUS router models allows authenticated remote attackers to write files outside intended directories. This c...

An authentication bypass vulnerability in AiCloud allows attackers to execute specific functions without proper authorization by exploiting an uninten...

A path traversal vulnerability in WebDAV allows unauthenticated remote attackers to access or modify files outside intended directories. This affects ...

This vulnerability allows unauthenticated attackers to perform directory traversal attacks on BASIS BBj servers, reading arbitrary system files access...

A path traversal vulnerability in Schneider Electric systems allows local network Web Admin users to manipulate file paths via POST /REST/UpdateJRE re...

A local server-side request forgery vulnerability in Studio 5000 Simulation Interface allows any Windows user on the system to trigger outbound SMB re...

A path traversal vulnerability in CVAT allows authenticated users with at least User role to create or overwrite files in the root of mounted file sha...

CVE-2025-64346 is a path traversal vulnerability in the archives Go library that allows attackers to achieve remote code execution or file modificatio...