Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-73

CWE-73

High likelihood

External Control of File Name or Path

Parent: CWE-642 - External Control of Critical State Data

The product allows user input to control or influence paths or file names that are used in filesystem operations.

449 vulnerabilities with CWE-73

CVE-2026-28459 HIGH

OpenClaw <2026.2.12 - Path Traversal

CVE-2026-28442 HIGH

ZimaOS 1.5.2-beta3 - Unauthenticated Arbitrary File Deletion via API Path Parameter Manipulation

CVE-2026-28286 HIGH

ZimaOS 1.5.2-beta3 - Unauthenticated Path Traversal and Arbitrary File Write via API Request

CVE-2026-26228 MEDIUM

VLC for Android <3.7.0 - Path Traversal

CVE-2026-23521 MEDIUM

Traccar <= 6.11.1 - Authenticated Path Traversal and Arbitrary File Write via Device uniqueId

CVE-2026-27211 CRITICAL

Cloud Hypervisor 34.0-50.0 - Info Disclosure

CVE-2026-27115 HIGH

ADB Explorer <=0.9.26020 - Arbitrary File Deletion

CVE-2026-26975 HIGH

Music Assistant Server < 2.7.0 - Unauthenticated Remote Code Execution via Playlist Update API

CVE-2026-27008 MEDIUM

OpenClaw <2026.2.15 - Path Traversal

CVE-2026-26202 HIGH

Penpot < 2.13.2 - Authenticated Arbitrary File Read via Font Variant RPC Endpoint

CVE-2026-26361 MEDIUM

Dell Unisphere for PowerMax 10.2 - Path Traversal

CVE-2026-26360 HIGH

Dell Unisphere for PowerMax 10.2 - Path Traversal

CVE-2026-26359 HIGH

Dell Unisphere for PowerMax 10.2 - Path Traversal

CVE-2026-25964 MEDIUM

Tandoor Recipes <2.5.1 - Path Traversal

CVE-2026-1669 HIGH

Keras 3.0.0-3.13.1 - Arbitrary File Read via HDF5 External Dataset References

CVE-2026-26158 HIGH

Red Hat Enterprise Linux 6 - Path Traversal via Malicious Tar Archive Extraction

CVE-2026-26157 HIGH

Red Hat Enterprise Linux 6 - Path Traversal and Arbitrary File Write via BusyBox Archive Extraction

CVE-2026-21249 LOW

Windows 10/11 Unauthenticated Spoofing via NTLM File Path Control

CVE-2026-25636 HIGH

calibre < 9.2.0 - Path Traversal and Arbitrary File Write via EPUB Conversion

CVE-2026-25628 HIGH

Qdrant 1.9.3-1.15.6 - Arbitrary File Write via Logger Endpoint

CVE-2026-23835 MEDIUM

LobeHub < 1.143.3 - Arbitrary File Write and Denial of Service via File Upload Request Manipulation

CVE-2026-23529 HIGH

Kafka Connect BigQuery Connector <2.11.0 - Info Disclosure

CVE-2026-20931 HIGH

Windows Telephony Service - Privilege Escalation

CVE-2026-20925 MEDIUM

Windows 10/11, Server 2008/2012/2016 Unauthenticated Spoofing via NTLM File Path Control

CVE-2026-20872 MEDIUM

Windows 10/11, Server 2008/2012/2016 Unauthenticated Spoofing via NTLM File Path Control

Previous Page 5 of 18 Next

Details

Vulnerabilities 449

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy