CWE-73
High likelihood
External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
449 vulnerabilities with CWE-73
CVE-2025-0211
MEDIUM
Campcodes School Faculty Scheduling System 1.0 - File Inclusion
CVSS 6.3
CVE-2025-0202
MEDIUM
TCS BaNCS 10 - File Inclusion via /REPORTS/REPORTS_SHOW_FILE.jsp FilePath Parameter
CVSS 5.5
CVE-2024-5986
CRITICAL
Ai.h2o H2o-core - Remote Code Execution
CVSS 9.1
CVE-2024-13984
CRITICAL
QiAnXin TianQing Management Center <=6.7.0.4130 - Path Traversal
CVE-2024-1244
CRITICAL
OSSEC HIDS <3.8.0 - Info Disclosure
CVE-2024-1243
HIGH
Wazuh < 4.8.0 - NetNTLMv2 Hash Leak via Malicious UNC Path Configuration
CVSS 7.2
CVE-2024-51553
MEDIUM
ABB ASPECT-Enterprise, NEXUS Series, MATRIX Series <= 3.* - Information Exposure via Predictable Filename
CVSS 6.5
CVE-2024-57394
HIGH
Qi-ANXIN Tianqing Endpoint Security Management System v10.0 - Arbitrary File Write via Quarantine Restore Function
CVSS 8.8
CVE-2024-55372
CRITICAL
Wallos <= 2.38.2 - Unauthenticated Arbitrary File Write via Database Restore Function
CVSS 9.8
CVE-2024-55371
CRITICAL
Wallos <= 2.38.2 - Authenticated Arbitrary File Write via Backup Restore Function
CVSS 9.8
CVE-2024-10210
HIGH
B&R APROL <4.4-005P - Info Disclosure
CVE-2024-13922
LOW
WooCommerce <2.6.0 - Privilege Escalation
CVSS 2.7
CVE-2024-8616
HIGH
h2o 3.46.0 - Arbitrary File Overwrite via mexport.dir Parameter
CVSS 8.2
CVE-2024-6829
CRITICAL
aimhubio/aim <3.19.3 - Code Injection
CVSS 9.1
CVE-2024-11042
CRITICAL
invoke-ai/invokeai <5.0.2 - Privilege Escalation
CVSS 9.1
CVE-2024-10834
CRITICAL
eosphoros-ai/db-gpt <0.6.0 - Code Injection
CVSS 9.1
CVE-2024-12036
HIGH
CS Framework plugin - Path Traversal
CVSS 7.5
CVE-2024-51961
HIGH
ArcGIS Server <11.3 - Info Disclosure
CVSS 7.5
CVE-2024-22341
MEDIUM
IBM Watson Query on Cloud Pak for Data <4.9 - Info Disclosure
CVSS 5.3
CVE-2024-38657
MEDIUM
Ivanti Connect/Ivanti Policy <22.7R2.4/<22.7R1.3 - Path Traversal
CVSS 4.9
CVE-2024-47265
MEDIUM
Synology Active Backup <2.7.1-3234 - Path Traversal
CVSS 6.5
CVE-2024-12058
MEDIUM
Ivanti Connect/Ivanti Policy <22.7R2.6/<22.7R1.3 - Path Traversal
CVSS 6.8
CVE-2024-12267
MEDIUM
Contact Form 7 <1.3.8.5 - Info Disclosure
CVSS 5.3
CVE-2024-12861
MEDIUM
W2S - Migrate WooCommerce to Shopify <1.2.1 - Info Disclosure
CVSS 6.5
CVE-2024-43658
HIGH
Iocharger AC <25010801 - Path Traversal
Details
Vulnerabilities: 449
Exploit Likelihood: High