CWE-73

Exploit likelihood: High

External Control of File Name or Path

Parent: CWE-642 - External Control of Critical State Data

The product allows user input to control or influence paths or file names that are used in filesystem operations.

449 vulnerabilities with CWE-73
CVE ID | Severity | CVSS | Title (n/a = no CVSS score listed)
CVE-2026-47358 | HIGH | 7.5 | Tenable Terrascan < 1.18.3 - Externally Controlled Reference to a Resource in Another Sphere
CVE-2026-47357 | HIGH | 7.5 | Tenable Terrascan < 1.18.3 - Externally Controlled Reference to a Resource in Another Sphere
CVE-2026-29962 | HIGH | 7.5 | HSC MailInspector 5.3.3-7 - Path Traversal
CVE-2026-45008 | MEDIUM | 6.5 | phpMyFAQ - Path Traversal in Client::deleteClientFolder via URL Parameter
CVE-2026-46383 | MEDIUM | 5.5 | Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`
CVE-2026-44641 | HIGH | 7.1 | Microsoft APM: plugin.json component paths escape plugin root and copy arbitrary host files during install
CVE-2026-42597 | MEDIUM | 5.9 | Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme
CVE-2026-42593 | MEDIUM | 5.3 | Gotenberg: Arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes
CVE-2026-40893 | HIGH | 8.2 | Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move
CVE-2026-42881 | HIGH | n/a | STIGQter: Arbitrary File Write leading to Local Code Execution via Export HTML
CVE-2026-3892 | HIGH | 8.1 | Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter
CVE-2026-30905 | HIGH | 7.8 | Zoom Communications Zoom Workplace Vdi Plugin < 6.6.11 - External Control of File Name or Path
CVE-2026-0259 | MEDIUM | n/a | Palo Alto WildFire WF-500/WF-500-B - Arbitrary File Read/Delete
CVE-2026-43891 | HIGH | 7.5 | changedetection.io: Arbitrary Local File Read via crafted backup restore
CVE-2026-41107 | HIGH | 7.4 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2026-41088 | HIGH | 7.8 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-40421 | MEDIUM | 4.3 | Microsoft Word Information Disclosure Vulnerability
CVE-2026-40370 | HIGH | 8.8 | Microsoft SQL Server - File Path Control Remote Code Execution
CVE-2026-32204 | HIGH | 7.8 | Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2026-43989 | HIGH | 8.5 | JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation
CVE-2026-8043 | CRITICAL | 9.6 | Ivanti Xtraction < 2026.2 - Authenticated Path Traversal and Arbitrary File Write
CVE-2026-42866 | MEDIUM | n/a | Tookie: Arbitrary file write via path traversal in -u username / -U userfile output filename
CVE-2026-42845 | HIGH | n/a | Grav: Anonymous Page Content Overwrite via Form File Upload filename Override
CVE-2026-41693 | HIGH | 8.2 | i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite
CVE-2026-44127 | HIGH | n/a | SEPPmail Secure Email Gateway - Local File Inclusion (LFI) and Arbitrary File Deletion