CWE-73: CWE-73

This vulnerability allows remote authenticated attackers with admin privileges to read arbitrary files on Ivanti Connect Secure and Policy Secure appl...

OpenClaw versions before 2026.2.15 contain a path traversal vulnerability in the skill installation process. The bug allows malicious skill packages t...

This vulnerability in Intel CIP software allows local attackers to escalate privileges by controlling file paths. It affects systems running vulnerabl...

This vulnerability in Microsoft Defender for Endpoint allows an authorized attacker to manipulate file paths to achieve local privilege escalation. It...

CVE-2024-38049 is a remote code execution vulnerability in Windows Distributed Transaction Coordinator (MSDTC) that allows an authenticated attacker t...

An arbitrary file overwrite vulnerability in Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files during file import. This ...

This vulnerability allows an attacker to manipulate file paths in Windows NTLM authentication, enabling network spoofing attacks. Attackers can potent...

This vulnerability allows an attacker to manipulate file paths in Windows NTLM authentication, enabling network spoofing attacks. Attackers could impe...

The EmailKit WordPress plugin up to version 1.6.1 contains a path traversal vulnerability that allows authenticated attackers with Author permissions ...

The mistral-dashboard plugin for OpenStack contains a local file inclusion vulnerability in the 'Create Workbook' feature. This allows authenticated u...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to read arbitrary files on the server through the AI E...

This path traversal vulnerability in OpenText Flipper allows attackers to access arbitrary files on the server by manipulating file paths. It affects ...

This path traversal vulnerability in OpenText Flipper allows attackers to access arbitrary files on the server by manipulating file path parameters. I...

This vulnerability in Windows Core Shell allows attackers to manipulate file paths or names remotely, enabling spoofing attacks over networks. It affe...

This vulnerability in Windows NTLM allows attackers to manipulate file paths or names during network authentication, enabling spoofing attacks. It aff...

This vulnerability in Windows NTLM allows an attacker to manipulate file paths or names externally, enabling network spoofing attacks. It affects Wind...

This vulnerability in Syspass 3.2.x allows attackers to access the web application's source code by exploiting improper filename handling in the accou...

This CVE describes a path traversal vulnerability in Synology Active Backup for Business that allows remote authenticated users to write specific file...

An authenticated file read vulnerability in Palo Alto Networks PAN-OS software allows authenticated attackers with management web interface access to ...

This vulnerability allows attackers to spoof NTLM hash disclosure, potentially enabling credential theft and lateral movement. It affects systems usin...

This vulnerability allows any authenticated user on affected Western Telematic (WTI) products to perform local file inclusion attacks, potentially acc...

This Local File Inclusion vulnerability in Logpoint versions before 7.4.0 allows attackers to read arbitrary files on the system through the File Syst...

This vulnerability in 70mai X200 dashcams allows local attackers to hijack init scripts through file inclusion, potentially enabling persistent unauth...

This critical vulnerability in Legrand SMS PowerView 1.x allows remote attackers to perform file inclusion attacks by manipulating the redirect argume...

This critical vulnerability in 123solar allows remote attackers to perform file inclusion attacks via the PROTOCOLx parameter in /admin/admin_invt2.ph...

This vulnerability allows remote attackers to perform file inclusion attacks on SourceCodester Simple Online Bidding System 1.0 by manipulating the 'p...

This vulnerability allows remote attackers to perform file inclusion attacks by manipulating the 'page' parameter in /index.php of itsourcecode Airlin...

This vulnerability allows an attacker with local access to Gallagher Controller 6000/7000 systems to control file paths and execute arbitrary code. It...

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain a path traversal vulnerability where an attacker with local high privileges can control f...

A potential file inclusion vulnerability exists in TCS BaNCS 10 through the /REPORTS/REPORTS_SHOW_FILE.jsp endpoint. Attackers could manipulate the Fi...

OctoPrint versions up to 1.11.1 contain a file exfiltration vulnerability where authenticated users with FILE_UPLOAD permission can move readable host...

The Media Library Assistant WordPress plugin has a vulnerability that allows unauthenticated attackers to read arbitrary AI, EPS, PDF, and PS files on...

This vulnerability in IBM Watson Query on Cloud Pak for Data allows unauthorized access to remote data sources due to improper privilege management. A...

This vulnerability in Zoom Rooms for macOS allows authenticated local users to control file paths, potentially leading to information disclosure. It a...

This vulnerability in Zoom Workplace for macOS allows an authenticated user with local access to control file names or paths, potentially leading to i...

The 简数采集器 WordPress plugin has an arbitrary file read vulnerability in versions up to 2.6.3. Authenticated attackers with Administrator or h...

This vulnerability allows remote authenticated attackers with admin privileges to write arbitrary files by controlling file names in Ivanti Connect Se...

This vulnerability allows authenticated WordPress administrators to perform directory traversal attacks through the file download functionality, enabl...

This vulnerability allows authenticated users with SYSTEM_CONFIGURATION permission in Dependency-Track to craft malicious notification templates that ...

CVE-2025-65799 is a path traversal vulnerability in usememos memos v0.25.2 that allows attackers to access files outside the intended directory throug...

This vulnerability in Zoom Clients allows unauthenticated attackers to control file paths, potentially leading to information disclosure via network a...

This vulnerability allows remote attackers to perform file inclusion attacks via the 'page' parameter in /index.php in SourceCodester Best House Renta...

This vulnerability allows an unauthorized local attacker to manipulate file paths in Windows NTLM authentication, potentially enabling spoofing attack...

This vulnerability allows authenticated users with operator or administrator privileges to upload specially named files to a temporary directory, caus...

The WPvivid Backup & Migration WordPress plugin allows authenticated attackers with Administrator privileges to create arbitrary directories on the se...

This vulnerability in LobeHub allows attackers to bypass file upload validation and quota limits by intercepting and modifying upload requests. Attack...

An External Control of File Name or Path vulnerability in smb4k's mounthelper allows local users to escalate privileges to root by controlling the con...

This vulnerability in calibre e-book manager allows attackers to write arbitrary files to the filesystem when processing malicious FB2 (FictionBook) f...