CWE-24

Total CVEs: 26
Critical: 1
High: 12
Avg CVSS: 6.6
In CISA KEV: 1

Yearly Trend

2026: 2
2025: 20
2024: 2
2023: 1
2022: 1

Top Affected Vendors

1. Esafenet (1)
2. Infodraw (1)
3. Easyspider (1)
4. Google (1)
5. Go Fastdfs Project (1)
6. Gnu (1)
7. Getsol (1)
8. Emlog (1)
9. Apache (1)
10. Efforthye (1)

All CWE-24 CVEs (26)

CVE-2025-61318 (CVSS 9.1, Dec 8, 2025)
Emlog Pro 2.5.20 contains an arbitrary file deletion vulnerability in admin/template.php and admin/plugin.php components. Attackers can exploit direct...

CVE-2025-54769 (CVSS 8.8, Jul 29, 2025)
This vulnerability allows authenticated read-only users to upload files and perform directory traversal attacks, enabling them to overwrite existing P...

CVE-2025-53513 (CVSS 8.8, Jul 8, 2025)
This vulnerability allows any authenticated user on a Juju controller to upload malicious charms via the /charms endpoint due to insufficient authoriz...

CVE-2021-33036 (CVSS 8.8, Jun 15, 2022)
This CVE allows a user who can escalate to the yarn user account in Apache Hadoop to execute arbitrary commands as the root user, leading to complete ...

CVE-2025-60344 (CVSS 8.6, Oct 21, 2025)
An unauthenticated Local File Inclusion vulnerability in D-Link DSR series routers allows remote attackers to read sensitive configuration files conta...

CVE-2023-53691 (CVSS 8.3, Oct 22, 2025)
This vulnerability allows attackers to upload arbitrary files via directory traversal in Hikvision's iSecure Center platform. It affects Hikvision CSM...

CVE-2025-63298 (CVSS 8.2, Oct 30, 2025)
An authenticated admin user in SourceCodester Pet Grooming Management System 1.0 can exploit a path traversal vulnerability in admin/manage_website.ph...

CVE-2025-67364 (CVSS 7.5, Jan 7, 2026)
CVE-2025-67364 is a critical path traversal vulnerability in fast-filesystem-mcp version 3.4.0 that allows attackers to bypass directory access restri...

CVE-2025-51661 (CVSS 7.5, Nov 19, 2025)
A path traversal vulnerability in FileCodeBox v2.2 and earlier allows unauthenticated remote attackers to write arbitrary files anywhere on the server...

CVE-2025-48050 (CVSS 7.5, May 15, 2025)
This vulnerability in DOMPurify's development helper script allows path traversal attacks when the server.js script is manually started. It affects de...

CVE-2025-57618 (CVSS 7.3, Oct 14, 2025)
A path traversal vulnerability in FastX3 allows unauthenticated attackers to read arbitrary server files, including configuration files containing JWT...

CVE-2023-1800 (CVSS 7.3, Apr 2, 2023)
This critical vulnerability in go-fastdfs allows attackers to perform path traversal attacks via the file upload handler. By manipulating upload reque...

CVE-2025-27920 (CVSS 7.2, KEV, EPSS 46.1%, May 5, 2025)
CVE-2025-27920 is a directory traversal vulnerability in Output Messenger that allows attackers to access sensitive files outside intended directories...

CVE-2025-57563 (CVSS 6.5, Oct 14, 2025)
This vulnerability allows unauthenticated attackers to read arbitrary files on systems running vulnerable versions of StarNet FastX. Attackers can exp...

CVE-2025-67845 (CVSS 6.4, Dec 19, 2025)
A directory traversal vulnerability in Mintlify Platform's static asset proxy endpoint allows attackers to inject malicious web scripts or HTML via cr...

CVE-2025-61189 (CVSS 6.3, Oct 1, 2025)
Jeecgboot versions 3.8.2 and earlier contain a path traversal vulnerability in the /sys/comment/addFile endpoint that allows attackers to upload files...

CVE-2025-47423 (CVSS 5.8, May 7, 2025)
This vulnerability allows unauthenticated remote attackers to read arbitrary files on servers running Personal Weather Station Dashboard 12_lts via di...

CVE-2025-43928 (CVSS 5.8, Apr 20, 2025)
Infodraw Media Relay Service 7.1.0.0 contains a path traversal vulnerability in its web server on port 12654. Attackers can read arbitrary files, incl...

CVE-2026-21436 (CVSS 5.5, Jan 1, 2026)
This vulnerability in eopkg allows malicious packages to bypass the --destdir parameter and install files outside the intended directory. Only users i...

CVE-2025-32807 (CVSS 5.3, Apr 11, 2025)
A path traversal vulnerability in FusionDirectory allows remote attackers to read arbitrary files ending with .png, .svg, or .xpm extensions via the i...

CVE-2025-46646 (CVSS 4.5, Apr 26, 2025)
This vulnerability in Artifex Ghostscript involves improper handling of overlong UTF-8 encoding in the decode_utf8 function, which could allow attacke...

CVE-2025-26427 (CVSS 4.4, Sep 4, 2025)
This CVE describes a path traversal vulnerability in Android that allows unauthorized access to Android/data directories. Attackers could potentially ...

CVE-2025-56760 (CVSS 4.3, Sep 3, 2025)
This vulnerability allows attackers to write arbitrary files to the server when Memos 0.22 is configured with local storage. Attackers can exploit the...

CVE-2024-10379 (CVSS 4.3, Oct 25, 2024)
This CVE describes a path traversal vulnerability in ESAFENET CDG 5 that allows attackers to read arbitrary files on the server by manipulating the de...

CVE-2024-6746 (CVSS 4.3, Jul 15, 2024)
This vulnerability allows local network attackers to perform path traversal attacks in EasySpider 0.6.2 on Windows. By manipulating HTTP GET requests ...

CVE-2025-45582 (CVSS 4.1, Jul 11, 2025)
GNU Tar through version 1.35 contains a directory traversal vulnerability that allows file overwrite via a two-step process using crafted TAR archives...

About CWE-24

Our database tracks 26 CVEs classified as CWE-24, with 1 rated critical and 12 rated high severity. The average CVSS score for CWE-24 vulnerabilities is 6.6.
