Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-73

CWE-73

High likelihood

External Control of File Name or Path

Parent: CWE-642 - External Control of Critical State Data

The product allows user input to control or influence paths or file names that are used in filesystem operations.

396 vulnerabilities with CWE-73

CVE-2026-5210 HIGH

SourceCodester Leave Application System file inclusion

CVE-2026-30282 CRITICAL

Cast to TV Screen Mirroring 2.2.77 - File Overwrite

CVE-2026-30284 HIGH

UXGROUP Voice Recorder 10.0 - File Overwrite

CVE-2026-30281 CRITICAL

MaruNuri LLC v2.0.23 - Arbitrary File Overwrite

CVE-2026-30276 CRITICAL

DeftPDF Document Translator 54.0 - File Overwrite

CVE-2026-30940 HIGH

baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE

CVE-2026-33027 MEDIUM

Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory

CVE-2026-33989 HIGH

@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools

CVE-2026-33645 HIGH

Fireshare has Path Traversal Arbitrary File Write in `/api/uploadChunked`

CVE-2026-0965 LOW

Libssh: libssh: denial of service via improper configuration file handling

CVE-2026-33329 HIGH

FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle

CVE-2026-33309 CRITICAL

Langflow has an Arbitrary File Write (RCE) via v2 API

CVE-2026-33354 HIGH

AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`

CVE-2026-2351 MEDIUM

Task Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read

CVE-2026-33476 HIGH

SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal

CVE-2026-32949 HIGH

SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL

CVE-2026-32749 HIGH

SiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file write

CVE-2026-30903 CRITICAL

Zoom Workplace <6.6.0 - Privilege Escalation

CVE-2026-27825 CRITICAL

MCP Atlassian <0.17.0 - Path Traversal

CVE-2026-25605 MEDIUM

SICAM SIAPP SDK <V2.1.7 - Path Traversal

CVE-2026-25573 HIGH

SICAM SIAPP SDK <V2.1.7 - Command Injection

CVE-2026-24287 HIGH

Windows Kernel - Privilege Escalation

CVE-2026-30240 CRITICAL

Budibase <=3.31.5 - Path Traversal

CVE-2026-29611 HIGH

OpenClaw <2026.2.14 - Path Traversal

CVE-2026-28459 HIGH

OpenClaw <2026.2.12 - Path Traversal

Previous Page 2 of 16 Next

Details

Vulnerabilities 396

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy