CWE-23
All CWE-23 CVEs (146)
Oct 14, 2024: This vulnerability allows low-privileged Splunk users without admin or power roles to write files to the Windows system root directory (typically Syst...
Aug 19, 2024: This vulnerability in MobSF allows attackers to bypass Zip Slip protections during static library analysis, enabling arbitrary file extraction to any ...
Sep 15, 2025: A relative path traversal vulnerability in Digilent WaveForms allows attackers to execute arbitrary code by tricking users into opening malicious .DWF...
Aug 8, 2023: This Windows kernel vulnerability allows an authenticated attacker to execute arbitrary code with SYSTEM privileges, potentially taking full control o...
Jul 19, 2023: Keysight Geolocation Server v2.4.2 and earlier contain a path traversal vulnerability that allows attackers to upload malicious files or delete arbitr...
Apr 11, 2023: This CVE describes a relative path traversal vulnerability in Fortinet FortiClient for Windows that allows attackers to execute arbitrary code or comm...
Feb 14, 2023: CVE-2023-23379 is an elevation of privilege vulnerability in Microsoft Defender for IoT that allows authenticated attackers to execute arbitrary code ...
Jan 19, 2024: This CVE describes a redirect vulnerability in JupyterLab where clicking a malicious link can expose Authorization and XSRFToken tokens to third parti...
Apr 14, 2022: This vulnerability allows attackers with service user privileges to perform relative path traversal attacks in B. Braun medical devices. By uploading ...
Feb 4, 2026: CVE-2026-25575 is a path traversal vulnerability in NavigaTUM's propose_edits endpoint that allows unauthenticated attackers to overwrite files in wri...
Feb 4, 2026: A path traversal vulnerability in apko's dirFS filesystem abstraction allows attackers to create directories or symlinks outside the intended installa...
Jan 16, 2026: The Gotac Statistics Database System contains an arbitrary file read vulnerability that allows unauthenticated remote attackers to download any system...
Jan 7, 2026: CVE-2025-67366 is a critical path traversal vulnerability in @sylphxltd/filesystem-mcp v0.5.8 that allows attackers to bypass directory restrictions u...
Dec 29, 2025: WMPro software developed by Sunnet contains an arbitrary file read vulnerability due to relative path traversal. Unauthenticated remote attackers can ...
Dec 26, 2025: Cola Dnslog v1.3.2 has a directory traversal vulnerability in TXT record processing that allows attackers to read arbitrary files on the server. This ...
Dec 22, 2025: CVE-2025-15015 is an arbitrary file read vulnerability in Ragic's Enterprise Cloud Database that allows unauthenticated remote attackers to download a...
Dec 4, 2025: A relative path traversal vulnerability in NI System Web Server allows attackers to read arbitrary files by sending specially crafted requests. This a...
Nov 14, 2025: CVE-2025-13161 is an arbitrary file read vulnerability in IQ-Support software that allows unauthenticated remote attackers to download any system file...
Nov 7, 2025: A relative path traversal vulnerability in QuMagie allows remote attackers to read arbitrary files on the system. This affects all QuMagie installatio...
Oct 27, 2025: A path traversal vulnerability in Apache Tomcat allows attackers to bypass security constraints protecting sensitive directories like /WEB-INF/ and /M...
Oct 23, 2025: An unauthenticated remote attacker can exploit a relative path traversal vulnerability in Productivity Suite software to delete arbitrary files on the...
Oct 23, 2025: An unauthenticated remote attacker can exploit a relative path traversal vulnerability in Productivity Suite software to write arbitrary files to the ...
Oct 17, 2025: Agentflow software by Flowring contains an unauthenticated arbitrary file reading vulnerability via relative path traversal. Remote attackers can expl...
Aug 29, 2025: CVE-2025-9639 is an arbitrary file reading vulnerability in Ai3's QbiCRMGateway software that allows unauthenticated remote attackers to download any ...
Jun 2, 2025: A path traversal vulnerability in AstrBot versions 3.4.4 through 3.5.12 allows attackers to access sensitive files like API keys and passwords. This a...
Mar 25, 2025: OpenEMR versions before 7.3.0 contain a directory traversal vulnerability in the Load Code feature that allows attackers to read arbitrary files on th...
Mar 23, 2025: This CVE describes a path traversal vulnerability in Apache Commons VFS where encoded '..' sequences (%2E%2E) bypass the NameScope.DESCENDENT validati...
Mar 20, 2025: An unauthenticated attacker can delete critical files like polyaxon.sock within Polyaxon containers, causing API containers to exit and leading to den...
Mar 14, 2025: The WP Ghost (Hide My WP Ghost) plugin for WordPress has a path traversal vulnerability in the showFile function, allowing unauthenticated attackers t...
Mar 10, 2025: This vulnerability in Rack's static file serving component allows attackers to bypass directory restrictions and access any file under the configured ...
Nov 18, 2024: CVE-2024-11309 is a path traversal vulnerability in DVC from TRCore that allows unauthenticated remote attackers to read arbitrary system files. This ...
Oct 14, 2024: CVE-2024-9922 is a path traversal vulnerability in Team+ software from TEAMPLUS TECHNOLOGY that allows unauthenticated remote attackers to read arbitr...
Aug 12, 2024: CVE-2024-7693 is a relative path traversal vulnerability in Raiden MAILD Remote Management System that allows unauthenticated remote attackers to read...
Jul 10, 2024: This vulnerability allows attackers to read arbitrary files on the system by providing a crafted path parameter to an application's file zipping funct...
Jun 27, 2024: A directory traversal vulnerability in the stitionai/devika repository allows attackers to download arbitrary PDF files from the system by manipulatin...
Apr 3, 2024: This vulnerability in ABB's S+ Control API component allows attackers to exploit path traversal (CWE-23) through the VPNI feature. It affects multiple...
Mar 21, 2024: CVE-2024-2053 is a critical vulnerability in Artica Proxy's administrative web application that allows unauthenticated attackers to execute arbitrary ...
Jan 12, 2024: NVIDIA Triton Inference Server has a path traversal vulnerability when launched with the --model-control explicit option. Attackers can exploit this v...
Oct 25, 2023: Parse Server crashes when processing file uploads without file extensions, causing denial of service. This affects all Parse Server deployments runnin...
Oct 4, 2023: This vulnerability allows attackers to download arbitrary files from affected systems using relative path traversal in the 'Download file' parameter. ...
Sep 12, 2023: This vulnerability allows attackers to perform relative path traversal attacks in Cecil static site generator. By manipulating file paths, attackers c...
Jul 18, 2023: A path traversal vulnerability in Rockwell Automation ThinManager ThinServer allows remote attackers to read arbitrary files on the server's file syst...
Jun 24, 2022: This vulnerability in OFFIS DCMTK's service class user (SCU) allows attackers to write DICOM files to arbitrary directories via relative path traversa...
Dec 8, 2021: A relative path traversal vulnerability in SonicWall SMA appliances allows unauthenticated remote attackers to upload arbitrary files as a low-privile...
May 5, 2021: This vulnerability allows unauthenticated remote attackers to read arbitrary files on ArcGIS GeoEvent Server systems by exploiting a directory travers...
Jan 18, 2024: CVE-2024-22415 is a path traversal vulnerability in jupyter-lsp that allows attackers to access and modify files outside the Jupyter root directory wh...
May 11, 2022: This zip slip vulnerability in XINJE XD/E Series PLC Program Tool allows attackers to write arbitrary files when opening malicious project files or re...
Nov 19, 2021: CVE-2021-43555 is a path traversal vulnerability in mySCADA myDESIGNER that allows attackers to write arbitrary files to the file system via malicious...
Feb 12, 2025: This vulnerability allows authenticated remote attackers to overwrite arbitrary files on Q-Free MaxTime systems by exploiting a relative path traversa...
Mar 11, 2025: CVE-2025-23360 is a relative path traversal vulnerability in NVIDIA Nemo Framework that allows authenticated users to write arbitrary files to uninten...
About CWE-23
Our database tracks 146 CVEs classified as CWE-23, with 26 rated critical and 76 rated high severity. The average CVSS score for CWE-23 vulnerabilities is 7.4.