CWE-23: CWE-23
All CWE-23 CVEs (146)
This vulnerability in the file_selector package allows malicious document providers to manipulate file names, potentially overriding internal app cach...
Jan 29, 2025

This vulnerability in the image_picker library allows malicious document providers to manipulate file names, potentially overwriting internal app cach...
Jan 29, 2025

A relative path traversal vulnerability in FortiSOAR allows authenticated attackers to read arbitrary files by uploading malicious solution packs. Thi...
Aug 12, 2025

A relative path traversal vulnerability in Qsync Central allows authenticated attackers to read arbitrary files on the system. This affects all Qsync ...
Feb 11, 2026

CVE-2025-13771 is an arbitrary file read vulnerability in WebITR software developed by Uniong. Authenticated remote attackers can exploit relative pat...
Nov 28, 2025

This vulnerability allows authenticated users to upload files to restricted directories in IBM Jazz Foundation due to improper path neutralization. It...
Sep 4, 2025

CVE-2021-4459 is a path traversal vulnerability in Sunny Boy devices that allows authorized remote attackers to access files and directories outside t...
Aug 27, 2025

A path traversal vulnerability in Vedo Suite 2024.17 allows authenticated attackers to read arbitrary files on the filesystem by exploiting an unsanit...
Aug 6, 2025

The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability due to missing CSRF protection and a Relative Path Traversal flaw in on...
Dec 16, 2024

This vulnerability in Microsoft SharePoint allows an authenticated attacker to access sensitive information they shouldn't have permission to view. It...
Dec 12, 2024

This vulnerability in Backstage's TechDocs plugin allows attackers to access the entire AWS S3 or GCS storage bucket contents when using those provide...
Sep 17, 2024

This CVE describes a path traversal vulnerability in JetBrains TeamCity that allows attackers to read arbitrary files from the server filesystem. The ...
May 29, 2024

CVE-2025-60020 is a path traversal vulnerability in nncp (Node to Node Copy) that allows attackers to read or write arbitrary files on the system duri...
Sep 24, 2025

CVE-2025-53082 is an arbitrary file deletion vulnerability in Samsung DMS that allows attackers to delete files from unintended filesystem locations. ...
Jul 29, 2025

CVE-2026-24909 is a path traversal vulnerability in vlt (vltpkg) that allows attackers to write arbitrary files outside the intended extraction direct...
Jan 27, 2026

CVE-2025-64714 is a Local File Inclusion vulnerability in PrivateBin's template-switching feature that allows unauthenticated attackers to read sensit...
Nov 13, 2025

This vulnerability allows attackers to perform path traversal attacks during project archive uploads in JetBrains TeamCity, potentially enabling unaut...
Sep 17, 2025

A relative path traversal vulnerability in Fortinet FortiManager allows privileged attackers to delete files from the underlying filesystem via crafte...
Jan 14, 2025

This vulnerability allows an authorized attacker to perform local spoofing attacks via relative path traversal in Microsoft Defender for Endpoint. Att...
Oct 8, 2024

This vulnerability allows authenticated low-privileged attackers to write arbitrary files to any location on the ctrlX OS filesystem via crafted HTTP ...
Apr 30, 2025

This vulnerability in JetBrains Rider allows attackers to overwrite arbitrary files during remote debugging sessions. Attackers could potentially exec...
Apr 25, 2025

This CVE describes a relative path traversal vulnerability (zipslip) in Apache Solr's configset upload API on Windows systems. Attackers can upload ma...
Jan 27, 2025

A path traversal vulnerability in SonicWall Email Security appliances allows attackers to bypass directory restrictions using sequences like '../' to ...
Nov 20, 2025

This CVE describes a path traversal vulnerability in Email Logging Interface 2.0 where manipulation of the Username argument allows attackers to acces...
Nov 15, 2025

This vulnerability in Vite allows unauthorized access to HTML files on the server regardless of filesystem restrictions when the dev server is exposed...
Sep 8, 2025

This vulnerability in the Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin allows unauthenticated attackers to perform directory...
Aug 16, 2025

This vulnerability allows attackers to delete arbitrary files or directories on systems running aimhubio/aim version 3.19.3 through path traversal in ...
Mar 20, 2025

This critical path traversal vulnerability in Jeewms allows attackers to access arbitrary files on the server by manipulating the /wmOmNoticeHControll...
Jan 11, 2025

A path traversal vulnerability in Pluck CMS 4.7.18 allows unauthenticated attackers to read sensitive files from the server. The vulnerability is limi...
Oct 1, 2024

This vulnerability allows privileged attackers to delete arbitrary files from the underlying filesystem via crafted CLI requests in affected Fortinet ...
Nov 12, 2024

A relative path traversal vulnerability in FortiWeb web application firewalls allows authenticated attackers to read arbitrary files on the underlying...
Sep 9, 2025

This vulnerability in JetBrains TeamCity allows attackers to bypass path validation in the loggingPreset parameter, potentially enabling unauthorized ...
Apr 25, 2025

This CVE describes a relative path traversal vulnerability in the s2Member WordPress plugin that allows attackers to access files outside the intended...
Apr 4, 2025

This vulnerability in Team+ software allows administrators to move arbitrary system files to the web root directory, potentially exposing sensitive da...
Oct 14, 2024

This CVE describes a path traversal vulnerability in JetBrains TeamCity that allows attackers to write backup files to arbitrary locations on the serv...
Oct 8, 2024

Yealink T21P_E2 phones running firmware 52.84.0.15 have a directory traversal vulnerability in the diagnostic component. Remote attackers with normal ...
Dec 26, 2025

Dell Secure Connect Gateway (SCG) versions 5.26.00.00 through 5.30.00.00 contain a relative path traversal vulnerability in a REST API endpoint used f...
Oct 30, 2025

A path traversal vulnerability in stangirard/quivr allows attackers to upload files to arbitrary S3 bucket paths by manipulating file paths in upload ...
Mar 20, 2025

This path traversal vulnerability in Tsinghua Unigroup Electronic Archives System allows attackers to read arbitrary files by manipulating the 'name' ...
Jan 5, 2025

This vulnerability allows attackers to perform path traversal attacks via the backup function's name parameter in cjbi wetech-cms. Remote attackers ca...
Dec 12, 2024

This vulnerability allows a malicious or compromised Assemblyline 4 server (or any MITM attacker) to write arbitrary files to any location on the clie...
Aug 9, 2025

This CVE describes a path traversal vulnerability in MISP's EventReport.php that allows site-admin users to access files outside the intended director...
Nov 28, 2025

Dell PowerProtect DD management console contains a relative path traversal vulnerability that allows authenticated high-privilege attackers to send un...
Jun 26, 2024

A relative path traversal vulnerability in Productivity Suite software version 4.4.1.19 allows unauthenticated remote attackers to delete arbitrary di...
Oct 23, 2025

This vulnerability in Go's os.Root implementation allows directory traversal to access the parent directory when opening files ending with '../'. It a...
Feb 4, 2026

This CVE describes a relative path traversal vulnerability in Erlang/OTP's TFTP file modules (tftp_file.erl). It allows attackers to access files outs...
Feb 20, 2026

About CWE-23 (CWE-23)
Our database tracks 146 CVEs classified as CWE-23, with 26 rated critical and 76 rated high severity. The average CVSS score for CWE-23 vulnerabilities is 7.4.
External reference: View CWE-23 on MITRE CWE →