CWE-36: CWE-36

The WordPress User Extra Fields plugin has an arbitrary file deletion vulnerability in all versions up to 16.7. Authenticated attackers with Subscribe...

This CVE describes a path traversal vulnerability that allows remote attackers to access files outside intended directories, potentially leading to re...

This vulnerability allows any user to download arbitrary files from the rpc_agent's host system by exploiting the download_file method in modelscope/a...

This vulnerability allows remote attackers to execute arbitrary code on Microsoft Defender for IoT systems without authentication. It affects organiza...

CVE-2024-48248 is an absolute path traversal vulnerability in NAKIVO Backup & Replication that allows unauthenticated attackers to read arbitrary file...

An absolute path traversal vulnerability in ID Link Manager and FUJITSU Software TIME CREATOR allows unauthenticated remote attackers to read arbitrar...

CVE-2026-26337 is an absolute path traversal vulnerability in Hyland Alfresco Transformation Service that allows unauthenticated attackers to read arb...

Dell Wyse Management Suite versions before 5.2 contain an absolute path traversal vulnerability that allows unauthenticated remote attackers to access...

TenderDocTransfer software from Chunghwa Telecom has two critical vulnerabilities: lack of CSRF protection allows unauthenticated remote attackers to ...

The tbm-client from Chunghwa Telecom has two vulnerabilities: lack of CSRF protection in APIs allowing unauthenticated remote attacks via phishing, an...

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability due to missing CSRF protection and an Absolute Path Traversal flaw in...

CVE-2025-36357 is a directory traversal vulnerability in IBM Planning Analytics Local that allows authenticated remote attackers to access arbitrary f...

This vulnerability allows attackers to exploit absolute path traversal in Splunk Enterprise to execute arbitrary code from separate disks. It affects ...

An absolute path traversal vulnerability in Navtor NavBox allows unauthenticated remote attackers to read arbitrary files from the filesystem. This af...

MeetingHub software from HAMASTAR Technology contains an absolute path traversal vulnerability that allows unauthenticated remote attackers to read ar...

The Police Statistics Database System developed by Gotac contains an unauthenticated arbitrary file read vulnerability via absolute path traversal. Th...

CVE-2025-15227 is an arbitrary file read vulnerability in BPMFlowWebkit developed by WELLTEND TECHNOLOGY. Unauthenticated remote attackers can exploit...

CVE-2025-8912 is an arbitrary file reading vulnerability in WellChoose's Organization Portal System that allows unauthenticated remote attackers to ex...

This vulnerability allows attackers to read a file containing administrator credentials on Franklin Fueling Systems TS-550 EVO devices. Attackers can ...

An absolute path traversal vulnerability in parisneo/lollms-webui v9.6 allows attackers to read arbitrary files and list directories on Windows system...

A path traversal vulnerability in parisneo/lollms allows attackers to read or delete any file on Windows systems by exploiting improper path validatio...

A path traversal vulnerability in parisneo/lollms-webui allows attackers to read arbitrary files on Windows systems by exploiting inadequate path vali...

This vulnerability allows unauthenticated remote attackers to conduct directory traversal attacks and overwrite restricted files on affected Cisco Sma...

The NinjaScanner WordPress plugin contains an arbitrary file deletion vulnerability that allows authenticated attackers with Administrator privileges ...

The WP-DownloadManager plugin for WordPress has a vulnerability allowing authenticated attackers with Administrator privileges to delete arbitrary fil...

CVE-2023-36786 is a remote code execution vulnerability in Skype for Business that allows an attacker to execute arbitrary code on a target system by ...

TenderDocTransfer software has two critical vulnerabilities: lack of CSRF protection allows unauthenticated remote attackers to trigger API calls via ...

This vulnerability in h2oai/h2o-3 version 3.46.0 allows attackers to export trained models to arbitrary locations on the server's filesystem, overwrit...

CVE-2025-9256 is an arbitrary file reading vulnerability in WebITR software developed by Uniong. Remote attackers with regular user privileges can exp...

CVE-2025-9257 is an arbitrary file reading vulnerability in WebITR software developed by Uniong. Remote attackers with regular user privileges can exp...

CVE-2025-9258 is an arbitrary file reading vulnerability in WebITR software developed by Uniong. Remote attackers with regular user privileges can exp...

CVE-2025-9259 is an arbitrary file reading vulnerability in WebITR software developed by Uniong. Remote attackers with regular user privileges can exp...

A local file inclusion vulnerability in automatic1111/stable-diffusion-webui allows attackers to read arbitrary files on the system by sending special...

This vulnerability allows authenticated remote attackers to read arbitrary files from the underlying operating system of Cisco Secure Firewall Managem...

Digiwin EasyFlow .NET has an access control vulnerability combined with insufficient input filtering, allowing authenticated remote attackers to downl...

This CVE describes an improper absolute path traversal vulnerability in Motorola's Ready For application that allows local applications to access file...

PHPSpreadsheet has a vulnerability where attackers can create malicious XLSX files that cause arbitrary file reads and Server-Side Request Forgery whe...

The Police Statistics Database System developed by Gotac contains an absolute path traversal vulnerability that allows unauthenticated remote attacker...

This vulnerability allows attackers to list arbitrary directories on Windows systems running vulnerable versions of lollms-webui. By sending a special...