Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-73

CWE-73

High likelihood

External Control of File Name or Path

Parent: CWE-642 - External Control of Critical State Data

The product allows user input to control or influence paths or file names that are used in filesystem operations.

450 vulnerabilities with CWE-73

CVE-2024-38165 MEDIUM

Windows Compressed Folder Tampering - Info Disclosure

CVE-2024-7497 MEDIUM

itsourcecode Airline Reservation System 1.0 - File Inclusion

CVE-2024-7496 MEDIUM

itsourcecode Airline Reservation System 1.0 - File Inclusion

CVE-2024-6714 HIGH

Provd <0.1.5 - Privilege Escalation

CVE-2024-6937 LOW

Form Tools 3.1.1 - File Inclusion via Import Option List URL Parameter

CVE-2024-6467 HIGH

BookingPress - Appointment Booking Calendar Plugin - Arbitrary File...

CVE-2024-39904 HIGH

VNote < 3.18.1 - Remote Code Execution via Crafted file:// URI in Note

CVE-2024-23317 MEDIUM

Controller 6000/7000 <9.10-8.70 - RCE

CVE-2024-37149 HIGH

GLPI 0.85-10.0.15 - Authenticated Remote Code Execution via Plugin Loader Hijack

CVE-2024-38049 MEDIUM

Windows Distributed Transaction Coordinator - Remote Code Execution

CVE-2024-39303 MEDIUM

Weblate 4.14-5.6.1 - Path Traversal via Project Backup Restore

CVE-2024-5334 HIGH

stitionai devika - Unauthenticated Arbitrary File Read via Snapshot Path Parameter

CVE-2024-27175 MEDIUM

Toshiba Tec e-Studio multi-function peripheral (MFP) - Local File Inclusion via Remote Command Program

CVE-2024-37295 HIGH

aimeos-core 2024.01.1-2024.04.4 - Authenticated Arbitrary File Upload and Remote Code Execution

CVE-2024-36473 MEDIUM

Trend Micro VPN Proxy One Pro <5.8.1012 - Privilege Escalation

CVE-2024-25975 MEDIUM

HAWKI - Authenticated Arbitrary File Overwrite via Path Traversal in Vote Function

CVE-2024-28826 HIGH

Checkmk <2.3.0p4, <2.2.0p27, <2.1.0p44, 2.0.0 - Path Traversal

CVE-2024-20366 HIGH

Cisco Crosswork NSO - Privilege Escalation

CVE-2024-27945 HIGH

RUGGEDCOM CROSSBOW < 5.5 - Authenticated Unrestricted File Upload via Bulk Import Feature

CVE-2024-27944 HIGH

RUGGEDCOM CROSSBOW < 5.5 - Authenticated Unrestricted Firmware Upload

CVE-2024-27943 HIGH

RUGGEDCOM CROSSBOW < 5.5 - Authenticated Arbitrary File Upload and Remote Code Execution

CVE-2024-25965 MEDIUM

Dell PowerScale OneFS 8.2.x-9.7.0.2 - Denial of Service via External Control of File Name or Path

CVE-2024-4818 MEDIUM

Campcodes Online Laundry Management System 1.0 - File Inclusion

CVE-2024-0100 MEDIUM

NVIDIA Triton Inference Server 22.09-24.04 - Denial of Service and Data Tampering via Tracing API

CVE-2024-0087 CRITICAL

NVIDIA Triton Inference Server 20.10-23.12 - Arbitrary File Write via Logging Location

Previous Page 13 of 18 Next

Details

Vulnerabilities 450

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy