CWE-22: Path Traversal

CVE-2022-24840 is a path traversal vulnerability in django-s3file that allows attackers to access or delete files across an entire AWS S3 bucket. All ...

This is a path traversal vulnerability in HID Mercury Intelligent Controllers that allows authenticated attackers to upload files anywhere on the file...

CVE-2022-25591 is an arbitrary file deletion vulnerability in BlogEngine.NET that allows attackers to delete files within the web server root director...

This path traversal vulnerability in StruxureWare Data Center Expert allows attackers to access files outside the intended directory, potentially lead...

CVE-2022-26960 is a path traversal vulnerability in elFinder's connector.minimal.php that allows unauthenticated attackers to read, write, and browse ...

CVE-2022-23357 is a directory traversal vulnerability in mozilo2.0 CMS that allows attackers to access arbitrary files on the server via the 'curent_d...

CVE-2021-40525 is a path traversal vulnerability in Apache James ManagedSieve implementation that allows attackers to read and write arbitrary files o...

This vulnerability in Qibosoft v7 allows attackers to delete arbitrary files via the /admin/index.php endpoint with specific parameters. Attackers can...

This CVE describes an authenticated directory traversal vulnerability in Lantronix PremierWave 2050's Web Manager FsTFtp functionality. An attacker wi...

CVE-2021-45015 is an arbitrary file deletion vulnerability in TaoCMS that allows attackers to delete any file on the server. This affects TaoCMS 3.0.2...

This CVE describes a path traversal vulnerability in Huawei smartphones running HarmonyOS that allows attackers to create arbitrary files. Successful ...

This path traversal vulnerability in Huawei smartphones allows attackers to delete arbitrary files on affected devices. The vulnerability affects Huaw...

This vulnerability allows attackers to create arbitrary files on Huawei smartphones by exploiting improper pathname restrictions. It affects Huawei de...

This CVE describes a path traversal vulnerability in the Barcode plugin for GLPI that allows attackers to read arbitrary files on the server. It affec...

CVE-2021-33724 is an arbitrary file deletion vulnerability in Siemens SINEC NMS that allows attackers to delete files or directories at user-controlle...

ECOA BAS controller has an unauthenticated path traversal vulnerability that allows remote attackers to delete arbitrary files via a specific GET para...

The OMGF WordPress plugin before version 4.5.4 has an unauthenticated path traversal vulnerability in its REST API. This allows attackers to overwrite...

This vulnerability allows attackers to exploit a path traversal flaw in Schneider Electric's Harmony HMI products when accessed via FTP. Attackers cou...

This vulnerability in TensorFlow allows attackers to overwrite arbitrary files on the system when tf.keras.utils.get_file is used with extract=True on...

CVE-2021-34363 is a path traversal vulnerability in thefuck Python package that allows attackers to delete arbitrary files via the 'undo archive opera...

MetInfo 7.0 beta contains a path traversal vulnerability that allows attackers to delete and modify critical INI configuration files. This affects all...

This vulnerability allows authenticated attackers with network access to WAGO PFC200 devices to access the file system with elevated privileges via sp...

This vulnerability allows attackers to delete arbitrary files on the server through directory traversal in the file deletion functionality of transfer...

This path traversal vulnerability in iCMS v7.0.13 allows remote attackers to delete arbitrary folders on the server by sending specially crafted HTTP ...

CVE-2020-17563 is a path traversal vulnerability in FeiFeiCMS v4.0 that allows remote attackers to delete arbitrary files on the server by sending a s...

CVE-2021-20078 is a path traversal vulnerability in ManageEngine OpManager's Spark Gateway component that allows remote attackers to delete arbitrary ...

This directory traversal vulnerability in ELECOM File Manager allows remote attackers to create or overwrite arbitrary files within directories access...

CVE-2020-15097 is a path traversal vulnerability in loklak server that allows attackers to read and write arbitrary files on the server filesystem. Th...

This vulnerability in the mozwire Rust crate allows attackers to perform directory traversal attacks, enabling them to overwrite local configuration f...

CVE-2020-26837 is a path traversal vulnerability in SAP Solution Manager 7.2's User Experience Monitoring component that allows authenticated users to...

This vulnerability allows a malicious mail server to overwrite arbitrary files on Apple devices through a path handling issue in mail processing. It a...

CVE-2020-18191 is a directory traversal vulnerability in GetSimpleCMS 3.3.15 that allows remote attackers to delete arbitrary files via the /admin/log...

This vulnerability allows attackers to modify and upload arbitrary files by exploiting improper pathname limitations in Circuit Provisioning and File ...

This vulnerability in oxidized-web allows unauthenticated attackers to execute arbitrary commands as the Linux user running the oxidized-web service. ...

This vulnerability in Nix package manager allows attackers to write arbitrary files to any location the Nix process can access. When the Nix daemon ru...

This vulnerability in the Bit Form WordPress plugin allows authenticated attackers with Administrator-level access to read and delete arbitrary files ...

This vulnerability allows unauthenticated attackers to perform local file inclusion (LFI) through path traversal in the ListingPro WordPress plugin. A...

This vulnerability allows unauthenticated attackers to perform path traversal attacks, leading to local file inclusion in the Consulting Elementor Wid...

This vulnerability allows unauthenticated attackers to perform path traversal attacks in the StylemixThemes MegaMenu WordPress plugin, leading to loca...

This vulnerability allows unauthenticated attackers to perform path traversal attacks in the Stockholm WordPress theme, leading to local file inclusio...

This vulnerability allows unauthenticated attackers to perform path traversal attacks in the XStore WordPress theme, leading to local file inclusion. ...

This CVE describes a vulnerability in Git where specially crafted repositories with submodules can trick Git into writing files into a .git/ directory...

This vulnerability allows an attacker with local access to a Microsoft Azure Kubernetes Service (AKS) confidential container to elevate privileges and...

CVE-2023-35169 is a critical directory traversal vulnerability in PHP-IMAP library that allows unauthenticated attackers to achieve remote code execut...

A path traversal vulnerability in Samsung Galaxy Themes Service allows attackers to access arbitrary files with system-level privileges. This affects ...

A directory traversal vulnerability in GateManager's file upload function allows authenticated administrators to read and write arbitrary files on the...

This vulnerability in SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files via a crafted cookie, leading to remote command executi...