CWE-73

Total CVEs: 148
Critical: 26
High: 72
Avg CVSS: 7.5
In CISA KEV: 3

Yearly Trend

2026: 24
2025: 75
2024: 32
2023: 14
2022: 1

Top Affected Vendors

1. Microsoft (21)
2. Zoom (4)
3. Fortinet (3)
4. Siemens (2)
5. Scshr (2)
6. Paloaltonetworks (2)
7. Opentext (2)
8. Dell (2)
9. H2o (2)
10. Ivanti (2)

All CWE-73 CVEs (148)

CVE-2026-27211
10.0

Cloud Hypervisor versions 34.0 through 50.0 are vulnerable to host file exfiltration when using virtio-block devices with raw images. A malicious gues...

Feb 21, 2026
CVE-2025-6237
9.8

This vulnerability in InvokeAI allows attackers to perform path traversal attacks through the image download endpoint, enabling them to read and delet...

Sep 18, 2025
CVE-2025-29708
9.8

SourceCodester Company Website CMS 1.0 contains an unauthenticated file upload vulnerability in the dashboard services creation feature. This allows a...

Apr 16, 2025
CVE-2024-55371
9.8

Wallos versions up to 2.38.2 contain a file upload vulnerability in the restore backup function that allows authenticated users to upload malicious ZI...

Apr 16, 2025
CVE-2024-9142
9.8

This vulnerability in Olgu Computer Systems e-Belediye allows attackers to manipulate web inputs to control file system calls, potentially accessing o...

Sep 25, 2024
CVE-2024-8517
9.8

CVE-2024-8517 is a critical remote code execution vulnerability in SPIP content management systems. Unauthenticated attackers can execute arbitrary op...

Sep 6, 2024
CVE-2022-39952
9.8

CVE-2022-39952 is a critical path traversal vulnerability in Fortinet FortiNAC that allows unauthenticated attackers to execute arbitrary code or comm...

Feb 16, 2023
CVE-2021-38477
9.8

This vulnerability allows attackers to read, write, manipulate, or delete files through insecure API functions in affected industrial control systems....

Oct 22, 2021
CVE-2025-53912
9.6

This vulnerability allows attackers to read arbitrary files on MedDream PACS Premium servers by sending specially crafted HTTP requests to the encapsu...

Jan 20, 2026
CVE-2023-36019
9.6

This vulnerability allows an attacker to spoof Microsoft Power Platform connectors, potentially enabling them to intercept or manipulate data flows be...

Dec 12, 2023
CVE-2025-55746
9.3

This vulnerability allows unauthenticated attackers to modify existing files with arbitrary content or upload new files with arbitrary content and ext...

Aug 20, 2025
CVE-2024-5986
9.1

This vulnerability in h2o-3 allows remote attackers to write arbitrary data to any file on the server, potentially leading to remote code execution an...

Feb 2, 2026
CVE-2025-66257
9.1

This vulnerability allows unauthenticated attackers to delete arbitrary files in the /var/www/patch/ directory of Mozart FM Transmitter devices. Attac...

Nov 26, 2025
CVE-2025-66254
9.1

This vulnerability allows unauthenticated attackers to delete arbitrary files from the /var/www/upload/ directory on affected Mozart FM Transmitters. ...

Nov 26, 2025
CVE-2025-58762
9.1

This vulnerability allows attackers with administrative access to Tautulli to write arbitrary Python scripts to the filesystem and execute them, leadi...

Sep 9, 2025
CVE-2025-10134
9.1

This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress servers running the Goza theme. Attackers can achieve remot...

Sep 9, 2025
CVE-2025-5393
9.1

This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress servers running the Alone Charity theme. Attackers can achi...

Jul 15, 2025
CVE-2025-33117
9.1

This vulnerability in IBM QRadar SIEM allows privileged users to modify configuration files, enabling them to upload malicious autoupdate files that e...

Jun 19, 2025
CVE-2025-4603
9.1

The eMagicOne Store Manager for WooCommerce WordPress plugin has an arbitrary file deletion vulnerability in all versions up to 1.2.5. Unauthenticated...

May 24, 2025
CVE-2025-2409
9.1

This vulnerability in ASPECT systems allows attackers to corrupt files and overwrite system files if they obtain administrator session credentials. It...

May 22, 2025
CVE-2025-2004
9.1

The Simple WP Events WordPress plugin allows unauthenticated attackers to delete arbitrary files on the server due to insufficient file path validatio...

Apr 8, 2025
CVE-2024-6829
9.1

This vulnerability in aimhubio/aim allows attackers to exploit insecure tarfile extraction to write arbitrary files to arbitrary locations on the serv...

Mar 20, 2025
CVE-2024-10834
9.1

This vulnerability in eosphoros-ai/db-gpt version 0.6.0 allows attackers to write arbitrary files to any location on the server by exploiting the RAG-...

Mar 20, 2025
CVE-2025-0105
9.1

CVE-2025-0105 is an arbitrary file deletion vulnerability in Palo Alto Networks Expedition that allows unauthenticated attackers to delete files acces...

Jan 11, 2025
CVE-2024-5823
9.1

This vulnerability allows attackers to overwrite critical configuration files in gaizhenbiao/chuanhuchatgpt, potentially altering system behavior, sec...

Oct 29, 2024
CVE-2024-0087
9.0

This vulnerability in NVIDIA Triton Inference Server allows attackers to set the logging location to arbitrary files, enabling log injection attacks. ...

May 14, 2024
CVE-2021-47871
8.8

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations on...

Jan 21, 2026
CVE-2025-6463
8.8

The Forminator WordPress plugin has a critical vulnerability that allows unauthenticated attackers to delete arbitrary files on the server by manipula...

Jul 2, 2025
CVE-2025-33053
8.8 (KEV, EPSS 35.6%)

This vulnerability allows attackers to execute arbitrary code by exploiting external control of file names or paths in Internet Shortcut Files. Attack...

Jun 10, 2025
CVE-2024-57394
8.8

This vulnerability in Qi-ANXIN Tianqing Endpoint Security Management System allows authenticated users to restore quarantined malicious files to arbit...

Apr 21, 2025
CVE-2024-12066
8.8

The SMSA Shipping plugin for WordPress has an arbitrary file deletion vulnerability that allows authenticated attackers with Subscriber-level access o...

Dec 21, 2024
CVE-2024-6714
8.8

This vulnerability in provd (Ubuntu Desktop Provision) before version 0.1.5 involves a setuid binary that allows local attackers to escalate privilege...

Jul 23, 2024
CVE-2024-39904
8.8

VNote versions before 3.18.1 contain a code execution vulnerability where attackers can embed malicious file:/// URIs in notes to execute arbitrary pr...

Jul 11, 2024
CVE-2023-39542
8.8

This vulnerability in Foxit Reader's JavaScript saveAs API allows arbitrary file creation when a user opens a malicious PDF file or visits a malicious...

Nov 27, 2023
CVE-2023-35985
8.8

This vulnerability in Foxit Reader allows attackers to create arbitrary files on a victim's system through a malicious PDF file or website. When explo...

Nov 27, 2023
CVE-2023-36764
8.8

This vulnerability in Microsoft SharePoint Server allows authenticated attackers to elevate their privileges within the SharePoint environment. Attack...

Sep 12, 2023
CVE-2023-3256
8.8

CVE-2023-3256 is a local file inclusion vulnerability in Advantech R-SeeNet versions 2.4.22 that allows low-privileged users to access and load local ...

Jun 22, 2023
CVE-2021-3626
8.8

This vulnerability in Multipass for Windows allows any local process to connect to the control socket and mount host directories into guest VMs, enabl...

Oct 1, 2021
CVE-2026-28442
8.5

CVE-2026-28442 allows authenticated users to delete critical system files in ZimaOS by manipulating API requests, bypassing frontend restrictions. Thi...

Mar 5, 2026
CVE-2026-28286
8.5

This vulnerability allows attackers to bypass frontend restrictions and create files or directories in sensitive system locations like /etc and /usr v...

Mar 2, 2026
CVE-2026-25628
8.5

This vulnerability in Qdrant vector database allows attackers with read-only access to append arbitrary content to files on the server via the /logger...

Feb 6, 2026
CVE-2025-59291
8.2

This vulnerability in Azure Container Instances allows authorized attackers to manipulate file paths, potentially leading to local privilege escalatio...

Oct 14, 2025
CVE-2025-0452
8.2

DB-GPT versions on Windows systems are vulnerable to arbitrary file deletion through the '/v1/agent/hub/update' endpoint. Attackers can manipulate the...

Mar 20, 2025
CVE-2024-8616
8.2

This vulnerability allows authenticated attackers to overwrite arbitrary files on the server hosting H2O-3 version 3.46.0. Attackers can exploit the /...

Mar 20, 2025
CVE-2023-45588
8.2

This vulnerability allows a local attacker to execute arbitrary code or commands on macOS systems running vulnerable FortiClient versions. Attackers c...

Mar 14, 2025
CVE-2024-21545
8.2

This vulnerability allows authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges in Proxmox Virtual Environment to read arbitrary files o...

Sep 25, 2024
CVE-2023-6569
8.2

This vulnerability in h2oai/h2o-3 allows attackers to control file paths used by the application, potentially leading to arbitrary file writes or read...

Dec 14, 2023
CVE-2026-26360
8.1

Dell Unisphere for PowerMax version 10.2 contains a path traversal vulnerability that allows low-privileged remote attackers to delete arbitrary files...

Feb 19, 2026
CVE-2025-13322
8.1

The WP AUDIO GALLERY WordPress plugin allows authenticated attackers with subscriber-level access or higher to delete arbitrary files on the server du...

Nov 21, 2025
CVE-2025-10494
8.1

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to delete arbitrary files on the server due to insuffic...

Oct 8, 2025

About CWE-73

Our database tracks 148 CVEs classified as CWE-73, with 26 rated critical and 72 rated high severity. The average CVSS score for CWE-73 vulnerabilities is 7.5.
