CWE-35: CWE-35

A path traversal vulnerability in PHP allows low-privileged remote attackers to upload or overwrite Python scripts, leading to remote code execution. ...

This path traversal vulnerability in SMSA Express SMSA Shipping WordPress plugin allows attackers to delete arbitrary files on the server. It affects ...

ComfyUI-Impact-Pack extension for ComfyUI has a path traversal vulnerability in the /upload/temp endpoint that allows attackers to write arbitrary fil...

This path traversal vulnerability in the WordPress 'Contact Page With Google Map' plugin allows attackers to delete arbitrary files on the server usin...

This path traversal vulnerability in the Userpro WordPress plugin allows attackers to access arbitrary files on the server by manipulating file paths....

This vulnerability allows attackers to perform path traversal attacks using '.../...//' sequences to include arbitrary PHP files on the server. It aff...

This CVE describes a path traversal vulnerability in the Katerio - Magazine WordPress theme that allows attackers to perform PHP local file inclusion....

CVE-2025-39491 is a path traversal vulnerability in the WHMPress WordPress plugin that allows attackers to read arbitrary files on the server. This af...

This path traversal vulnerability in the Ivy School WordPress theme allows attackers to include local PHP files using '.../...//' sequences. It enable...

This path traversal vulnerability in the GetShop eCommerce WordPress plugin allows attackers to access files outside the intended directory. It affect...

This vulnerability allows a low-privileged remote attacker to write arbitrary files to the filesystem, potentially leading to root privilege escalatio...

CVE-2023-32714 is a path traversal vulnerability in Splunk App for Lookup File Editing that allows low-privileged users to read and write files in res...

This vulnerability in Microsoft Office Outlook allows an authorized attacker to execute arbitrary code on the local system through a path traversal is...

SAP Capital Yield Tax Management contains a directory traversal vulnerability (CWE-35) that allows attackers with low-privileged access to read files ...

This path traversal vulnerability in the VidMov WordPress theme allows attackers to access files outside the intended directory using '.../...//' sequ...

CVE-2025-68428 is a path traversal vulnerability in jsPDF's Node.js builds that allows attackers to read arbitrary local files when user-controlled in...

This path traversal vulnerability in the WooCommerce Payment Gateway for Saferpay plugin allows attackers to access files outside the intended directo...

This CVE describes a Path Traversal vulnerability in the VaultDweller Leyka WordPress plugin that allows PHP Local File Inclusion (LFI). Attackers can...

A path traversal vulnerability in the Aeroscroll Gallery WordPress plugin allows attackers to access files outside the intended directory. This affect...

This CVE describes a path traversal vulnerability in the WordPress List Category Posts plugin that allows attackers to perform local file inclusion (L...

This CVE describes a path traversal vulnerability in the Trusty Plugins Shop Products Filter WordPress plugin that allows attackers to perform local f...

A path traversal vulnerability in the Bit Assist WordPress plugin allows attackers to access files outside the intended directory by manipulating file...

This CVE describes a path traversal vulnerability in the WP Job Portal WordPress plugin that allows attackers to perform local file inclusion (LFI) at...

This CVE describes a path traversal vulnerability in Softpulse Infotech's SP Blog Designer WordPress plugin that allows attackers to include arbitrary...

CVE-2024-50054 is a path traversal vulnerability in back-end systems that allows attackers to read arbitrary files from the file system by manipulatin...

This path traversal vulnerability in the ThimPress WP Hotel Booking WordPress plugin allows attackers to include local PHP files using '.../...//' seq...

This CVE describes a path traversal vulnerability (CWE-35) in Multi-DNC software that allows attackers to access files outside the intended directory ...

This vulnerability allows attackers to perform path traversal attacks via specially crafted URIs in NVIDIA networking products' web interfaces. Succes...

This vulnerability allows attackers to perform path traversal attacks on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This could ...

This path traversal vulnerability in Huawei home music systems allows attackers to delete or modify files by manipulating file paths. It affects users...

This path traversal vulnerability in the Barcode Scanner with Inventory & Order Manager WordPress plugin allows attackers to access files outside the ...

This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to overwrite sensitive files by manipulating file paths in H...

This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to overwrite sensitive files by manipulating file paths in H...

This CVE describes a path traversal vulnerability in Axis camera systems' VAPIX API manageoverlayimage.cgi endpoint that allows authenticated users wi...

This path traversal vulnerability in Hitachi Vantara Pentaho Data Integration & Analytics allows attackers to access files outside restricted director...

This path traversal vulnerability in the AA-Team Pro Bulk Watermark WordPress plugin allows attackers to access files outside the intended directory u...

This CVE describes a path traversal vulnerability in Dell PowerProtect Data Domain systems where attackers can use '.../...//' sequences to access una...

A path traversal vulnerability in the miniOrange Prevent files/folders access WordPress plugin allows attackers to bypass file access restrictions and...

This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to delete sensitive files by manipulating HTTP requests. It ...

This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to delete sensitive files via crafted HTTP requests. It affe...

This path traversal vulnerability in the Eventin WordPress plugin allows attackers to access files outside the intended directory using '.../...//' se...

This path traversal vulnerability in Advanced Database Cleaner PRO WordPress plugin allows attackers to access files outside the intended directory us...

This CVE describes a path traversal vulnerability in Axis ACAP configuration files that could allow privilege escalation. It affects Axis devices conf...

A path traversal vulnerability in Splunk Enterprise and Cloud Platform allows low-privileged users to delete arbitrary files via a malicious payload o...

A path traversal vulnerability in usbmuxd allows local users to escalate privileges to the service user account. This affects systems running vulnerab...