CWE-22: Path Traversal

This vulnerability allows an attacker who has compromised a GoCD agent to upload malicious files to a GoCD server directory. While they can control th...

CMSimple 5.4 contains a directory traversal vulnerability in config.php that allows attackers to manipulate file names to execute arbitrary code remot...

The Narnoo Distributor WordPress plugin through version 2.5.1 contains a path traversal vulnerability that allows attackers to read arbitrary files on...

This path traversal vulnerability in tinyfilemanager allows attackers to access files outside the intended directory by manipulating file paths. It af...

This vulnerability allows authenticated administrators of PONTON X/P Messenger to upload ZIP files containing executable scripts via a path traversal ...

A directory traversal vulnerability in ClairCore allows attackers to write arbitrary files to the filesystem by uploading a malicious container image....

This vulnerability allows attackers to write arbitrary files to the Schneider Electric Interactive Graphical SCADA System Data Server through path tra...

This vulnerability in the Essential Addons for Elementor WordPress plugin allows unauthenticated attackers to perform Local File Inclusion attacks, re...

This vulnerability allows attackers to write arbitrary files outside the intended extraction directory when extracting ZIP archives using zip-local. T...

CVE-2021-37128 is a path traversal vulnerability in HwPCAssistant that allows attackers to write arbitrary files to the filesystem. This affects Huawe...

CVE-2021-45427 allows unauthenticated attackers to delete arbitrary files on Emerson XWEB 300D EVO systems due to path traversal vulnerabilities and i...

CVE-2021-31746 is a Zip Slip vulnerability in Pluck-CMS that allows attackers to upload malicious zip files containing directory traversal paths. When...

CVE-2021-43676 is a path manipulation vulnerability in the matyhtf framework's Smarty.class.php that allows attackers to read arbitrary files on the s...

ThinkUp 2.0-beta.10 contains a path manipulation vulnerability in Smarty.class.php that allows attackers to potentially read arbitrary files on the se...

CVE-2021-43691 is a path traversal vulnerability in tripexpress v1.1 that allows attackers to write arbitrary files to the server filesystem by manipu...

CVE-2021-29212 is a critical directory traversal vulnerability in HPE iLO Amplifier Pack that allows unauthenticated remote attackers to execute arbit...

This vulnerability allows attackers to perform directory traversal attacks in Gridpro Request Management for Windows Azure Pack, potentially leading t...

CVE-2021-40887 is a critical directory traversal vulnerability in ProjectSend file sharing software that allows attackers to upload arbitrary files to...

CVE-2021-42013 is a critical path traversal vulnerability in Apache HTTP Server that allows attackers to access files outside configured directories. ...

CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49 that allows attackers to access files outside configured directories. If...

This vulnerability in Concrete CMS allows attackers to perform path traversal attacks through external forms, leading to remote code execution. It aff...

CVE-2021-22005 is a critical arbitrary file upload vulnerability in VMware vCenter Server's Analytics service. Attackers with network access to port 4...

OpenSIS Community Edition versions up to 7.6 contain a local file inclusion vulnerability in DownloadWindow.php via the 'filename' parameter. This all...

This vulnerability in go-unarr 0.1.1 allows attackers to perform directory traversal attacks via specially crafted TAR archives containing '../' seque...

This vulnerability in Metinfo CMS allows attackers to escalate privileges by exploiting improper path handling when deleting columns. Attackers can de...

This vulnerability in SerenityOS allows attackers to exploit directory traversal in tar/unzip utilities, potentially leading to arbitrary command exec...

CVE-2021-33576 is a path traversal vulnerability in Cleo LexiCom AS2 file transfer software. Attackers can manipulate filenames in AS2 messages to wri...

CVE-2020-18178 is a critical path traversal vulnerability in HongCMS v4.0.0 that allows remote attackers to read, modify, or delete arbitrary files on...

CVE-2021-31800 is a critical path traversal vulnerability in Impacket's SMB server (smbserver.py) that allows attackers to read and write arbitrary fi...

CVE-2021-28959 is a critical directory traversal vulnerability in Zoho ManageEngine Eventlog Analyzer that allows unauthenticated attackers to upload ...

This CVE describes an unauthenticated path traversal vulnerability in Buffalo router web interfaces that allows attackers to bypass authentication mec...

CVE-2021-29417 is a critical directory traversal vulnerability in gitjacker versions before 0.1.0 that allows remote attackers to execute arbitrary co...

This vulnerability allows attackers to perform directory traversal attacks when DAV is enabled in AfterLogic Aurora and WebMail Pro. Attackers can cre...

CVE-2021-21972 is a critical remote code execution vulnerability in VMware vSphere Client's HTML5 interface. It allows unauthenticated attackers with ...

CVE-2021-3199 is a critical directory traversal vulnerability in ONLYOFFICE Document Server that allows authenticated attackers to upload malicious fi...

CVE-2020-27637 is a critical path traversal vulnerability in CRAN, R's default package manager, that allows attackers to write arbitrary files outside...

CVE-2020-13450 is a critical directory traversal vulnerability in Gotenberg's file upload function that allows attackers to upload and overwrite files...

This directory traversal vulnerability in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter in post...

CVE-2020-28187 is a critical directory traversal vulnerability in TerraMaster TOS that allows authenticated attackers to read, edit, or delete any fil...

CVE-2020-5639 is a directory traversal vulnerability in FileZen file transfer software that allows remote attackers to upload arbitrary files to speci...

This vulnerability in NGINX Controller Agent versions 1.0.1, 2.0.0-2.9.0, and 3.0.0-3.9.0 allows attackers to execute arbitrary code with root privile...

CVE-2017-15681 is a critical directory traversal vulnerability in Crafter CMS Crafter Studio 3.0.1 that allows unauthenticated attackers to overwrite ...

CVE-2020-15929 is a critical path traversal vulnerability in Ortus TestBox that allows unauthenticated attackers to write arbitrary CFM files containi...

A path traversal vulnerability in Intel EMA (Endpoint Management Assistant) allows unauthenticated attackers to access files outside intended director...

CVE-2020-25074 is a directory traversal vulnerability in MoinMoin's cache action that allows attackers who can upload attachments to execute arbitrary...

This is a critical remote code execution vulnerability in Western Digital My Cloud NAS devices that allows attackers to execute arbitrary code with el...

CVE-2020-21526 is a critical directory traversal vulnerability in Halo v1.1.3 that allows authenticated attackers to write arbitrary files to the serv...

CVE-2020-21522 is a Zip Slip directory traversal vulnerability in Halo CMS version 1.1.3 that allows attackers to overwrite critical system files thro...

This vulnerability allows unauthenticated attackers to perform directory traversal attacks via the ReceiverServlet class in HPE Pay Per Use Utility Co...

CVE-2025-10283 is a path traversal vulnerability in BBOT's gitdumper module that allows remote code execution when processing malicious git repositori...