Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-73

CWE-73

High likelihood

External Control of File Name or Path

Parent: CWE-642 - External Control of Critical State Data

The product allows user input to control or influence paths or file names that are used in filesystem operations.

449 vulnerabilities with CWE-73

CVE-2026-34030 MEDIUM

Improper branch-code validation in Wertheim SafeController Software allows file path manipulation

CVE-2026-11527 HIGH

Perl Config::IniFiles < 3.001000 - OS Command Injection via -file 2-Arg open()

CVE-2026-11526 CRITICAL

Perl GD < 2.86 - OS Command Injection via 2-Arg open()

CVE-2026-45556 CRITICAL

Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`

CVE-2026-47643 CRITICAL

Azure Stack Edge Remote Code Execution Vulnerability

CVE-2026-46397 MEDIUM

haxcms-php Local File Inclusion via saveOutline API Location Parameter v2.0

CVE-2026-46399 CRITICAL

haxtheweb haxcms-nodejs - Authenticated Remote Code Execution via File Overwrite

CVE-2026-40605 MEDIUM

Tautulli Vulnerable to Authenticated Path Traversal in Cache Deletion API

CVE-2026-20175 MEDIUM

Cisco Finesse File Inclusion Vulnerability

CVE-2026-35080 HIGH

MBS Gateway Devices V1_0_0_0-V6_0_0_7 - ugw-restoreinfo Arbitrary File Deletion

CVE-2026-35079 HIGH

MBS Gateway Devices V1_0_0_0-V6_0_0_7 - ugw-restore Arbitrary File Deletion

CVE-2026-35078 HIGH

MBS Gateway Devices V1_0_0_0-V6_0_0_7 - ugw-logstop Arbitrary File Deletion

CVE-2026-35077 HIGH

MBS Gateway Devices V1_0_0_0-V6_0_0_7 - ugw-delete-file Arbitrary File Deletion

CVE-2026-35076 HIGH

MBS Gateway Devices V1_0_0_0-V6_0_0_7 - bac-scanresult Arbitrary File Deletion

CVE-2026-10694 HIGH

SourceCodester Online Food Ordering System index.php include file inclusion

CVE-2026-41412 MEDIUM

alf.io vulnerable to Arbitrary File Read and Exfil via simpleHttpClient Extension Script

CVE-2026-10559 MEDIUM

SourceCodester Pizzafy Ecommerce System index.php file inclusion

CVE-2026-10558 MEDIUM

SourceCodester Pizzafy Ecommerce System index.php file inclusion

CVE-2026-9559 CRITICAL

Mautic 7 - Authenticated Path Traversal and Remote Code Execution via Campaign Import ZIP Extraction

CVE-2026-46402 HIGH

Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path traversal and log file creation outside the logs directory

CVE-2026-45089 HIGH

Dalfox: Unauthenticated Arbitrary File Create/Append via `output` Option in Dalfox Server Mode

CVE-2026-45088 HIGH

Dalfox: Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` in Dalfox Server Mode

CVE-2026-48920 HIGH

Jenkins Email Extension Plugin < 1933.v45cec755423f - External Control of File Name or Path

CVE-2026-8450 CRITICAL

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()

CVE-2026-35593 MEDIUM

Trilium Notes has Local File Inclusion via upload modified file API endpoint

Page 1 of 18 Next

Details

Vulnerabilities 449

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy