CWE-73: CWE-73

Total CVEs: 148
Critical: 26
High: 72
Avg CVSS: 7.5
In CISA KEV: 3

Yearly Trend

2026: 24
2025: 75
2024: 32
2023: 14
2022: 1

Top Affected Vendors

1. Microsoft: 21
2. Zoom: 4
3. Fortinet: 3
4. Siemens: 2
5. Scshr: 2
6. Paloaltonetworks: 2
7. Opentext: 2
8. Dell: 2
9. H2o: 2
10. Ivanti: 2

All CWE-73 CVEs (148)

CVE-2025-9048 (CVSS 8.1)

The Wptobe-memberships WordPress plugin contains an arbitrary file deletion vulnerability in the del_img_ajax_call() function. Authenticated attackers...

Aug 23, 2025

CVE-2025-6691 (CVSS 8.1)

The SureForms WordPress plugin has an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete any file on the server. Th...

Jul 9, 2025

CVE-2025-46762 (CVSS 8.1)

This vulnerability in Apache Parquet's parquet-avro module allows attackers to execute arbitrary code by exploiting schema parsing when reading malici...

May 6, 2025

CVE-2024-7626 (CVSS 8.1)

This vulnerability in the WP Delicious Recipe Plugin allows authenticated attackers with subscriber-level access or higher to move and read arbitrary ...

Sep 11, 2024

CVE-2024-20652 (CVSS 8.1)

This vulnerability allows attackers to bypass security features in Windows HTML platforms, potentially enabling malicious code execution or privilege ...

Jan 9, 2024

CVE-2023-1105 (CVSS 8.1)

This vulnerability allows attackers to control file paths in FlatPress blog software, potentially leading to arbitrary file read or write operations. ...

Mar 1, 2023

CVE-2026-20931 (CVSS 8.0)

This vulnerability in Windows Telephony Service allows an authorized attacker on the same network to manipulate file paths, potentially leading to pri...

Jan 13, 2026

CVE-2025-26646 (CVSS 8.0)

This vulnerability allows an authorized attacker to control file names or paths in .NET, Visual Studio, and Build Tools for Visual Studio, enabling ne...

May 13, 2025

CVE-2025-62842 (CVSS 7.8)

This vulnerability in QNAP HBS 3 Hybrid Backup Sync allows attackers with local network access to manipulate file paths, potentially reading or modify...

Jan 2, 2026

CVE-2025-59516 (CVSS 7.8)

This vulnerability allows an authenticated attacker to exploit a missing authentication check in the Windows Storage VSP Driver to gain elevated local...

Dec 9, 2025

CVE-2025-59511 (CVSS 7.8)

This vulnerability in Windows WLAN Service allows an authenticated attacker to manipulate file paths, potentially leading to local privilege escalatio...

Nov 11, 2025

CVE-2024-4230 (CVSS 7.8)

This vulnerability allows a malicious local attacker to control file paths in Edgecross Basic Software, potentially leading to arbitrary code executio...

Dec 19, 2024

CVE-2024-20366 (CVSS 7.8)

This vulnerability in Cisco Crosswork NSO's Tail-f HCC function pack allows authenticated local attackers to escalate privileges to root by manipulati...

May 15, 2024

CVE-2023-5247 (CVSS 7.8)

This vulnerability allows attackers to execute malicious code by tricking legitimate users into opening specially crafted project files in Mitsubishi ...

Nov 30, 2023

CVE-2023-21566 (CVSS 7.8)

CVE-2023-21566 is an elevation of privilege vulnerability in Visual Studio that allows authenticated attackers to execute arbitrary code with SYSTEM p...

Feb 14, 2023

CVE-2025-61879 (CVSS 7.7)

A high-privileged user in Infoblox NIOS can exploit the account creation mechanism to write arbitrary files to the system. This affects Infoblox NIOS ...

Feb 12, 2026

CVE-2026-23529 (CVSS 7.7)

The Kafka Connect BigQuery Connector prior to version 2.11.0 has an arbitrary file read vulnerability in credential configuration processing. Attacker...

Jan 16, 2026

CVE-2025-30201 (CVSS 7.7)

This vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in agent configuration setti...

Nov 21, 2025

CVE-2025-62382 (CVSS 7.7)

CVE-2025-62382 is a path traversal vulnerability in Frigate NVR that allows authenticated users to read arbitrary files on the host system. Attackers ...

Oct 15, 2025

CVE-2024-33671 (CVSS 7.7)

This vulnerability in Veritas Backup Exec allows attackers to delete arbitrary protected files by exploiting the Deduplication Multi-threaded Streamin...

Apr 26, 2024

CVE-2023-28603 (CVSS 7.7)

The Zoom VDI client installer prior to version 5.14.0 contains an improper access control vulnerability that allows a malicious user to delete local f...

Jun 13, 2023

CVE-2026-1669 (CVSS 7.5)

This vulnerability allows remote attackers to read arbitrary local files on systems running vulnerable Keras versions by exploiting a flaw in the HDF5...

Feb 11, 2026

CVE-2021-47746 (CVSS 7.5)

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations...

Jan 21, 2026

CVE-2025-11451 (CVSS 7.5)

This vulnerability allows unauthenticated attackers to read arbitrary files on WordPress servers running the Auto Amazon Links plugin. Attackers can a...

Nov 11, 2025

CVE-2025-48783 (CVSS 7.5)

This vulnerability allows remote attackers to delete arbitrary files on the Soar Cloud HRD Human Resource Management System by manipulating file paths...

Jun 6, 2025

CVE-2025-48781 (CVSS 7.5)

This vulnerability allows remote attackers to read arbitrary files from the Soar Cloud HRD Human Resource Management System by manipulating file paths...

Jun 6, 2025

CVE-2025-3103 (CVSS 7.5)

The CLEVER HTML5 Radio Player WordPress plugin contains an arbitrary file read vulnerability that allows unauthenticated attackers to read any file on...

Apr 19, 2025

CVE-2025-3431 (CVSS 7.5)

This vulnerability allows unauthenticated attackers to read arbitrary files on WordPress servers running the ZoomSounds plugin. Attackers can access s...

Apr 8, 2025

CVE-2024-12036 (CVSS 7.5)

The CS Framework plugin for WordPress has an arbitrary file read vulnerability that allows authenticated attackers with subscriber-level access or hig...

Mar 7, 2025

CVE-2024-51961 (CVSS 7.5)

A local file inclusion vulnerability in ArcGIS Server 11.3 and earlier allows remote unauthenticated attackers to read sensitive configuration files b...

Mar 3, 2025

CVE-2024-38029 (CVSS 7.5)

This vulnerability in Microsoft's OpenSSH for Windows allows remote attackers to execute arbitrary code on affected systems. Attackers can exploit thi...

Oct 8, 2024

CVE-2024-38040 (CVSS 7.5)

A local file inclusion vulnerability in Esri Portal for ArcGIS allows remote unauthenticated attackers to craft URLs that read internal files, potenti...

Oct 4, 2024

CVE-2024-30265 (CVSS 7.5)

CVE-2024-30265 is a local file inclusion vulnerability in Voilà dashboard deployments that allows attackers to download any file readable by the serv...

Apr 3, 2024

CVE-2024-1603 (CVSS 7.5)

CVE-2024-1603 is a path traversal vulnerability in PaddlePaddle's read_file function that allows attackers to read arbitrary files from the server fil...

Mar 23, 2024

CVE-2023-49738 (CVSS 7.5)

This vulnerability allows attackers to read arbitrary files on WWBN AVideo servers by exploiting improper input validation in the image404Raw.php scri...

Jan 10, 2024

CVE-2021-3845 (CVSS 7.5)

CVE-2021-3845 is a path traversal vulnerability in ws-scrcpy that allows attackers to write files to arbitrary locations on the server filesystem. Thi...

Jan 4, 2022

CVE-2025-9529 (CVSS 7.3)

Campcodes Payroll Management System 1.0 contains a remote file inclusion vulnerability in the /index.php file's include function. Attackers can manipu...

Aug 27, 2025

CVE-2023-3643 (CVSS 7.3)

CVE-2023-3643 is a critical file inclusion vulnerability in Boss Mini 1.4.0 Build 6221 that allows remote attackers to manipulate the 'path' argument ...

Jul 12, 2023

CVE-2025-25761 (CVSS 7.2)

HkCms v2.3.2.240702 contains an arbitrary file write vulnerability in Appcenter.php that allows attackers to write malicious files to the server. This...

Feb 27, 2025

CVE-2024-37149 (CVSS 7.2)

Authenticated technician users in GLPI can upload malicious PHP scripts and hijack the plugin loader to execute arbitrary code. This affects GLPI inst...

Jul 10, 2024

CVE-2024-37295 (CVSS 7.2)

This vulnerability allows authenticated administrators in Aimeos e-commerce framework to upload malicious files disguised as images that contain PHP c...

Jun 11, 2024

CVE-2024-27945 (CVSS 7.2)

This vulnerability in RUGGEDCOM CROSSBOW allows privileged users to upload files to the root installation directory via the bulk import feature. Attac...

May 14, 2024

CVE-2024-27943 (CVSS 7.2)

This vulnerability in RUGGEDCOM CROSSBOW allows privileged users to upload arbitrary files to the system's root installation directory. By replacing s...

May 14, 2024

CVE-2023-2554 (CVSS 7.2)

This vulnerability allows attackers to control file paths in the bumsys software, potentially leading to arbitrary file read, write, or deletion. It a...

May 5, 2023

CVE-2026-28459 (CVSS 7.1)

OpenClaw versions before 2026.2.12 have an arbitrary file write vulnerability where authenticated gateway clients can manipulate the sessionFile path ...

Mar 5, 2026

CVE-2024-43615 (CVSS 7.1)

This vulnerability in Microsoft OpenSSH for Windows allows remote attackers to execute arbitrary code on affected systems. Attackers could exploit thi...

Oct 8, 2024

CVE-2023-36634 (CVSS 7.1)

This vulnerability in FortiAP-U's command line interpreter allows authenticated attackers to bypass file path filtering and delete or list arbitrary f...

Sep 13, 2023

CVE-2026-26157 (CVSS 7.0)

A path traversal vulnerability in BusyBox's archive extraction utilities allows attackers to create malicious archives that, when extracted under spec...

Feb 11, 2026

CVE-2025-13320 (CVSS 6.8)

The WP User Manager WordPress plugin has an arbitrary file deletion vulnerability that allows authenticated attackers with Subscriber-level access or ...

Dec 12, 2025

CVE-2025-1686 (CVSS 6.8)

This vulnerability in Pebble Templates allows attackers with template editing privileges to read sensitive local files through the include tag. It aff...

Feb 27, 2025

About CWE-73 (CWE-73)

Our database tracks 148 CVEs classified as CWE-73, with 26 rated critical and 72 rated high severity. The average CVSS score for CWE-73 vulnerabilities is 7.5.
