CWE-73
High likelihoodExternal Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
396 vulnerabilities with CWE-73
CVE-2026-28442
HIGH
ZimaOS 1.5.2-beta3 - Auth Bypass
CVSS 8.5
CVE-2026-28286
HIGH
ZimaOS 1.5.2-beta3 - Auth Bypass
CVSS 8.5
CVE-2026-26228
MEDIUM
VLC for Android <3.7.0 - Path Traversal
CVSS 4.9
CVE-2026-23521
MEDIUM
Traccar <=6.11.1 - Path Traversal
CVSS 6.5
CVE-2026-27211
CRITICAL
Cloud Hypervisor 34.0-50.0 - Info Disclosure
CVSS 10.0
CVE-2026-27115
HIGH
ADB Explorer <=0.9.26020 - Arbitrary File Deletion
CVSS 7.1
CVE-2026-26975
HIGH
Music Assistant <=2.6.3 - RCE
CVSS 8.8
CVE-2026-27008
MEDIUM
OpenClaw <2026.2.15 - Path Traversal
CVSS 6.7
CVE-2026-26202
HIGH
Penpot <2.13.2 - Path Traversal
CVSS 7.5
CVE-2026-26361
MEDIUM
Dell Unisphere for PowerMax 10.2 - Path Traversal
CVSS 6.5
CVE-2026-26360
HIGH
Dell Unisphere for PowerMax 10.2 - Path Traversal
CVSS 8.1
CVE-2026-26359
HIGH
Dell Unisphere for PowerMax 10.2 - Path Traversal
CVSS 8.8
CVE-2026-25964
MEDIUM
Tandoor Recipes <2.5.1 - Path Traversal
CVSS 4.9
CVE-2026-1669
HIGH
Keras <3.13.1 - Info Disclosure
CVSS 7.5
CVE-2026-26158
HIGH
BusyBox - Privilege Escalation
CVSS 7.0
CVE-2026-26157
HIGH
BusyBox - Path Traversal
CVSS 7.0
CVE-2026-21249
LOW
Windows NTLM - Path Traversal
CVSS 3.3
CVE-2026-25636
HIGH
Calibre <9.1.0 - Path Traversal
CVSS 8.2
CVE-2026-25628
HIGH
Qdrant <1.16.0 - Path Traversal
CVSS 8.5
CVE-2026-23835
MEDIUM
LobeHub <1.143.3 - Path Traversal
CVE-2026-23529
HIGH
Kafka Connect BigQuery Connector <2.11.0 - Info Disclosure
CVSS 7.7
CVE-2026-20931
HIGH
Windows Telephony Service - Privilege Escalation
CVSS 8.0
CVE-2026-20925
MEDIUM
Windows NTLM - Path Traversal
CVSS 6.5
CVE-2026-20872
MEDIUM
Windows NTLM - Path Traversal
CVSS 6.5
CVE-2026-22783
CRITICAL
Iris <2.4.24 - Privilege Escalation
CVSS 9.6
Details
Vulnerabilities
396
Exploit Likelihood
High