CWE-22: Path Traversal

This vulnerability allows attackers to delete arbitrary files on servers running vulnerable versions of LibreChat via path traversal in the /api/files...

Applio voice conversion tool versions 3.2.8-bugfix and prior contain a path traversal vulnerability that allows attackers to delete arbitrary files on...

This CVE-2025-1127 vulnerability allows attackers to execute arbitrary code as an unprivileged user and modify any filesystem data through improper pa...

This directory traversal vulnerability in OpenPanel's File Manager allows attackers to access files outside the intended directory structure. Attacker...

This directory traversal vulnerability in Wavlink AC3000 routers allows authenticated attackers to bypass file permissions and access restricted direc...

This vulnerability allows attackers to upload arbitrary files to Raisecom network devices via the /upload_netaction.php web interface endpoint. By cra...

CVE-2024-11833 is a path traversal vulnerability in PlexTrac that allows attackers to write arbitrary files to the server filesystem. This affects Ple...

This is an absolute path traversal vulnerability in Quick.CMS 6.7 that allows remote attackers to bypass security restrictions and download or delete ...

This vulnerability in libre-chat v0.0.6 allows attackers to perform path traversal attacks by uploading files with specially crafted filenames. This c...

This vulnerability allows authenticated Kanboard administrators to read and delete arbitrary files on the server by uploading a modified SQLite databa...

This vulnerability allows unauthenticated attackers to perform path traversal attacks on Mitel MiCollab's NuPoint Unified Messaging component. Attacke...

The WooEvents WordPress plugin has a critical vulnerability that allows unauthenticated attackers to overwrite arbitrary files on the server due to in...

This vulnerability allows remote unauthenticated attackers to delete arbitrary files on Ivanti Avalanche servers through path traversal in the skin ma...

This path traversal vulnerability in Enphase IQ Gateway (formerly Envoy) allows unauthenticated attackers to access or create arbitrary files via URL ...

This vulnerability allows attackers to perform path traversal attacks via the snapshot_path parameter in Devika v1's API endpoint. By manipulating thi...

This vulnerability allows remote attackers to read or write arbitrary files on systems running Distinct Intranet Servers TFTP Server 3.10 and earlier....

CVE-2024-4315 is a Local File Inclusion vulnerability in parisneo/lollms version 9.5 that allows attackers to perform directory traversal attacks on W...

The CVE-2024-1873 vulnerability in parisneo/lollms-webui allows attackers to perform path traversal attacks through an exposed /select_database endpoi...

The Startklar Elementor Addons WordPress plugin contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary f...

This path traversal vulnerability in Apache OFBiz allows attackers to access files outside the intended directory. It affects all Apache OFBiz install...

This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress sites using the Salon booking system plugin. Attackers can ...

This vulnerability in LG Simple Editor allows remote attackers without authentication to delete arbitrary files on affected systems by exploiting a di...

This vulnerability in LG Simple Editor allows remote attackers to delete arbitrary files without authentication by exploiting a directory traversal fl...

This vulnerability in LG Simple Editor allows remote attackers to delete arbitrary files without authentication by exploiting a directory traversal fl...

This vulnerability allows unauthenticated remote attackers to delete arbitrary files on systems running vulnerable versions of LG Simple Editor. Attac...

Lektor CMS versions before 3.3.11 have a path traversal vulnerability that allows remote code execution. Attackers can exploit this by tricking users ...

This vulnerability allows attackers to overwrite arbitrary files on systems running vulnerable versions of PaddlePaddle through path traversal. Attack...

CVE-2024-25065 is a path traversal vulnerability in Apache OFBiz that allows attackers to bypass authentication mechanisms by manipulating file paths....

The WP Compress Image Optimizer WordPress plugin contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary ...

A directory traversal vulnerability in ManageEngine OpManager's uploadMib functionality allows attackers to create arbitrary files on the system by se...

Dreamer CMS versions before 4.0.1 contain a directory traversal vulnerability in the background template management feature. This allows authenticated...

Squidex versions before 7.8.0 have an arbitrary file write vulnerability in the backup restore feature that allows authenticated attackers with squide...

This vulnerability in the Icegram Express WordPress plugin allows administrator-level attackers to perform directory traversal attacks via the show_es...

This CVE describes a directory traversal vulnerability in Yamcs 5.8.6's API storage functionality that allows attackers to delete arbitrary files on t...

CVE-2023-39407 is a path traversal vulnerability in Watchkit that allows unauthorized file access. Attackers can read or modify files outside intended...

This vulnerability allows attackers to perform directory traversal attacks through the contacts file upload interface in Yealink W60B devices. Attacke...

This CVE describes a parameter verification vulnerability in Huawei's installd module that allows unauthorized reading and writing of sandbox files. A...

This CVE describes a parameter verification vulnerability in the installd module that allows unauthorized reading and writing of sandbox files. Attack...

CVE-2020-27514 is a directory traversal vulnerability in ZrLog's admin API that allows remote attackers to delete arbitrary files on the server. This ...

A path traversal vulnerability in Control ID IDSecure 4.7.26.0 and earlier allows attackers to delete arbitrary files on the system filesystem. This c...

This vulnerability allows unauthenticated remote attackers to delete arbitrary files on systems running Trend Micro Mobile Security (Enterprise) 9.8 S...

CVE-2022-46945 is an arbitrary file read vulnerability in Nagvis versions before 1.9.34. Attackers can exploit the NagVisHoverUrl.php component to rea...

This vulnerability in TIBCO EBX Add-ons allows attackers to upload arbitrary files to web-accessible directories, potentially leading to remote code e...

CVE-2023-27812 is an arbitrary file deletion vulnerability in bloofox v0.5.2 that allows attackers to delete any file on the server via the delete_fil...

CVE-2022-2560 is an unauthenticated path traversal vulnerability in EnterpriseDT CompleteFTP Server that allows remote attackers to delete arbitrary f...

CVE-2023-24188 is a directory traversal vulnerability in ureport v2.2.9 that allows attackers to delete arbitrary files on the server by exploiting th...

This CVE describes a directory traversal vulnerability in ASUS RT-AC68U router's Cloud Disk feature that allows remote attackers to write arbitrary fi...

This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress sites running the vulnerable Product Configurator for WooCo...

This vulnerability in Concrete CMS allows authenticated attackers to perform directory traversal via the file upload endpoint, potentially leading to ...

Fast Food Ordering System v1.0 contains an arbitrary file deletion vulnerability in the Master.php component. Attackers can delete any file on the ser...