CWE-73
External Control of File Name or Path
Description
The product allows user input to control or influence paths or file names that are used in filesystem operations.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-13 · CAPEC-267 · CAPEC-64 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-80
CVEs mapped to this weakness (245)
page 10 of 13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-4602 | Med | 0.31 | 5.9 | 0.01 | May 24, 2025 | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the… | ||
| CVE-2026-40605 | Med | 0.30 | — | 0.00 | Jun 4, 2026 | Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary… | ||
| CVE-2026-42424 | Med | 0.30 | 5.7 | 0.00 | Apr 28, 2026 | OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as… | ||
| CVE-2026-23835 | Med | 0.30 | — | 0.00 | Jan 30, 2026 | LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in `Knowledge Base > File Upload` does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is… | ||
| CVE-2026-46383 | Med | 0.29 | 5.5 | 0.01 | May 15, 2026 | Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes.… | ||
| CVE-2026-41177 | Med | 0.29 | 5.5 | 0.00 | Apr 22, 2026 | Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The application fails to validate the URI scheme of the user-supplied `Url`… | ||
| CVE-2025-22241 | Med | 0.29 | 5.6 | 0.00 | Jun 13, 2025 | File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization… | ||
| CVE-2024-27175 | — | Med | 0.29 | 4.4 | 0.01 | Jun 14, 2024 | Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference URL. | |
| CVE-2026-40421 | Med | 0.28 | 4.3 | 0.01 | May 12, 2026 | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-42593 | Med | 0.27 | 5.3 | 0.00 | May 14, 2026 | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf… | ||
| CVE-2026-40086 | Med | 0.27 | 5.3 | 0.01 | Apr 10, 2026 | Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious model_path parameter,… | ||
| CVE-2025-12656 | Low | 0.25 | 3.8 | 0.00 | Jun 6, 2026 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_site() function in all versions up to, and including, 0.9.128. This makes it… | ||
| CVE-2025-12137 | Med | 0.25 | 4.9 | 0.00 | Nov 1, 2025 | The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper… | ||
| CVE-2025-10306 | Low | 0.25 | 3.8 | 0.00 | Oct 3, 2025 | The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch() function. This makes it possible for authenticated attackers, with Administrator-level access and… | ||
| CVE-2025-27137 | Med | 0.22 | 4.4 | 0.00 | Feb 24, 2025 | Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the `SYSTEM_CONFIGURATION` permission to customize notification templates. Templates are evaluated using the… | ||
| CVE-2026-0965 | Low | 0.21 | 3.3 | 0.00 | Mar 26, 2026 | A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by… | ||
| CVE-2025-8998 | — | Low | 0.20 | 3.1 | 0.00 | Nov 11, 2025 | It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. | |
| CVE-2025-12654 | Low | 0.18 | 2.7 | 0.00 | Dec 21, 2025 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the check_filesystem_permissions() function not properly restricting the directories… | ||
| CVE-2025-58769 | — | Low | 0.14 | 3.3 | 0.00 | Oct 1, 2025 | auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept… | |
| CVE-2024-10492 | Low | 0.11 | 2.7 | 0.01 | Nov 25, 2024 | A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example,… |
- risk 0.31cvss 5.9epss 0.01
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the…
- risk 0.30cvss —epss 0.00
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary…
- risk 0.30cvss 5.7epss 0.00
OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as…
- risk 0.30cvss —epss 0.00
LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in `Knowledge Base > File Upload` does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is…
- risk 0.29cvss 5.5epss 0.01
Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes.…
- risk 0.29cvss 5.5epss 0.00
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The application fails to validate the URI scheme of the user-supplied `Url`…
- risk 0.29cvss 5.6epss 0.00
File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization…
- risk 0.29cvss 4.4epss 0.01
Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference URL.
- risk 0.28cvss 4.3epss 0.01
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- risk 0.27cvss 5.3epss 0.00
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf…
- risk 0.27cvss 5.3epss 0.01
Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious model_path parameter,…
- risk 0.25cvss 3.8epss 0.00
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_site() function in all versions up to, and including, 0.9.128. This makes it…
- risk 0.25cvss 4.9epss 0.00
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper…
- risk 0.25cvss 3.8epss 0.00
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch() function. This makes it possible for authenticated attackers, with Administrator-level access and…
- risk 0.22cvss 4.4epss 0.00
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the `SYSTEM_CONFIGURATION` permission to customize notification templates. Templates are evaluated using the…
- risk 0.21cvss 3.3epss 0.00
A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by…
- risk 0.20cvss 3.1epss 0.00
It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account.
- risk 0.18cvss 2.7epss 0.00
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the check_filesystem_permissions() function not properly restricting the directories…
- risk 0.14cvss 3.3epss 0.00
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept…
- risk 0.11cvss 2.7epss 0.01
A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example,…