CWE-22: Path Traversal

This vulnerability allows attackers to perform absolute path traversal attacks in the Wildog/flask-file-server repository, enabling unauthorized file ...

This vulnerability allows attackers to read arbitrary files on the server through absolute path traversal in the cinemaproject/monorepo repository. It...

This vulnerability allows attackers to read arbitrary files on the server through absolute path traversal in the dainst/cilantro repository. It affect...

This vulnerability allows attackers to read arbitrary files on the server through absolute path traversal in the decentraminds/umbral repository. It a...

This vulnerability allows attackers to perform absolute path traversal attacks in OnyxForum, enabling unauthorized file access on the server. It affec...

This vulnerability allows attackers to perform absolute path traversal attacks in Orchest versions before 2022.05.0. By exploiting unsafe usage of Fla...

This vulnerability allows attackers to perform absolute path traversal attacks in the cheo0/MercadoEnLineaBack repository. By exploiting unsafe usage ...

This vulnerability allows attackers to perform absolute path traversal attacks in Ganga software versions before 8.5.10. By exploiting unsafe use of F...

This vulnerability allows attackers to perform absolute path traversal attacks in the iedadata/usap-dc-website repository, enabling unauthorized file ...

This vulnerability allows attackers to read arbitrary files on the server by exploiting an unsafe implementation of Flask's send_file function. It aff...

This vulnerability allows attackers to perform absolute path traversal attacks in the BolunHan/Krypton repository, enabling unauthorized file access. ...

This vulnerability allows attackers to read arbitrary files on the server through absolute path traversal in the Delor4/CarceresBE repository. It affe...

This vulnerability allows attackers to read arbitrary files on the server through absolute path traversal in the HolgerGraef/MSM repository. It affect...

This vulnerability allows attackers to perform absolute path traversal attacks in the Lukasavicus/WindMill repository up to version 1.0. By exploiting...

This vulnerability allows attackers to read arbitrary files on the server through absolute path traversal in the mosaic repository's Flask application...

This vulnerability allows attackers to read arbitrary files on the server through absolute path traversal in the PaddlePaddle/Anakin repository. It af...

This vulnerability in Sandboxie allows authenticated users to read files from other users' sandbox folders, bypassing intended isolation. An attacker ...

CVE-2026-24457 is a path traversal vulnerability in OpenMQ's configuration parsing that allows remote attackers to read arbitrary files from the MQ Br...

The basic-ftp Node.js library contains a path traversal vulnerability in the downloadToDir() method. A malicious FTP server can send filenames contain...

This vulnerability in Octopus Deploy allows attackers to delete files or file contents on the host system through an unauthenticated API endpoint lack...

This vulnerability allows authenticated users of SiYuan personal knowledge management system to write files to arbitrary locations on the filesystem d...

DataGear v5.5.0 contains a path traversal vulnerability (CWE-22) that allows attackers to delete arbitrary files on the server. This affects all DataG...

This CVE describes an Improper Access Control vulnerability in Adobe ColdFusion that allows high-privileged attackers to bypass security controls and ...

A directory traversal vulnerability in Robocode's CacheCleaner component allows attackers to delete arbitrary files on the system by manipulating file...

CVE-2025-65346 is a directory traversal vulnerability in alexusmai/laravel-file-manager that allows attackers to write arbitrary files to any location...

CVE-2025-66410 is a path traversal vulnerability in gin-vue-admin that allows attackers to delete arbitrary files and folders on the server by control...

This vulnerability allows unauthenticated attackers to delete arbitrary .tgz files via path traversal in DB Electronica Telecomunicazioni S.p.A. Mozar...

A path restriction bypass vulnerability in SolarWinds Serv-U allows administrators to execute code on directories they shouldn't have access to. This ...

This vulnerability in n8n-workflows allows attackers to perform directory traversal attacks through the download_workflow function in api_server.py. A...

A privilege escalation vulnerability in aiven-db-migrate allows attackers to gain superuser privileges in PostgreSQL databases during migrations from ...

CVE-2025-54794 is a path traversal vulnerability in Claude Code versions below 0.2.111 that allows attackers to bypass directory restrictions and acce...

The Attachment Manager WordPress plugin has an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete any file on the s...

The Madara - Core WordPress plugin has an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete any file on the server...

This vulnerability in the HT Contact Form WordPress plugin allows unauthenticated attackers to move arbitrary files on the server due to insufficient ...

CVE-2025-53632 is a path traversal vulnerability (zip slip) in Chall-Manager that allows unauthenticated attackers to write arbitrary files outside th...

This vulnerability allows unauthenticated remote attackers to delete arbitrary files on Marvell QConvergeConsole installations. The flaw exists in the...

This vulnerability allows unauthenticated remote attackers to delete arbitrary files on Marvell QConvergeConsole installations. Attackers can exploit ...

The Image Resizer On The Fly WordPress plugin contains an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete any fi...

This directory traversal vulnerability in OpenC3 COSMOS allows attackers to access files outside the intended directory via the /script-api/scripts/ e...

This vulnerability in Traefik allows attackers to bypass router path matching rules by using URL-encoded strings in request paths. This could enable a...

This is a path traversal vulnerability in Kirby CMS that allows attackers to access and execute arbitrary files on the server when dynamic collection ...

This is a path traversal vulnerability in Kirby CMS that allows attackers to read and execute arbitrary files on the server when dynamic snippet names...

FoxCMS v1.2.5 contains an arbitrary file deletion vulnerability in the delRestoreSerie method that allows attackers to delete any file on the server. ...

The Database Toolset WordPress plugin contains an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete any file on th...

Traefik reverse proxy versions before 2.11.24, 3.3.6, and 3.4.0-rc2 contain a path traversal vulnerability in path-based routing matchers. Attackers c...

This vulnerability allows attackers to perform directory traversal attacks by sending a specially crafted POST request to the openSIS messaging module...

This vulnerability allows attackers to delete arbitrary files on systems running the aimhubio/aim tracking server. The flaw exists in the LockManager....

This vulnerability in parisneo/lollms-webui allows attackers to delete any file or directory on the system through path traversal in the upload_app fu...

A path traversal vulnerability in the ONNX framework's download_model function allows attackers to overwrite arbitrary files by exploiting malicious t...

This vulnerability allows attackers to delete arbitrary files on servers running vulnerable versions of LibreChat via path traversal in the /api/files...