Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-73

CWE-73

High likelihood

External Control of File Name or Path

Parent: CWE-642 - External Control of Critical State Data

The product allows user input to control or influence paths or file names that are used in filesystem operations.

396 vulnerabilities with CWE-73

CVE-2025-58769 LOW

Auth0-PHP <8.16.0 - Path Traversal

CVE-2025-6237 CRITICAL

Invokeai <6.0.0a1 - Path Traversal

CVE-2025-10058 HIGH

WP Import - Ultimate CSV XML Importer <7.27 - Privilege Escalation

CVE-2025-8422 HIGH

Propovoice: All-in-One Client Management System <=1.7.6.7 - Arbitrary File Read

CVE-2025-59049 HIGH

Mockoon Commons-server < 9.2.0 - Path Traversal

CVE-2025-58762 CRITICAL

Tautulli <2.15.3 - RCE

CVE-2025-55316 HIGH

Azure Arc - Privilege Escalation

CVE-2025-10134 CRITICAL

Goza - Nonprofit Charity WordPress Theme <3.2.2 - Privilege Escalation

CVE-2025-9920 MEDIUM

Campcodes Recruitment Management System 1.0 - File Inclusion

CVE-2025-54945 CRITICAL

SUNNET Corporate Training Management System <10.11 - RCE

CVE-2025-58158 HIGH

Harness Open Source <3.3.0 - Command Injection

CVE-2025-9529 HIGH

Campcodes Payroll Management System 1.0 - File Inclusion

CVE-2025-9048 HIGH

Wptobe-memberships <3.4.2 - Privilege Escalation

CVE-2025-53363 MEDIUM

dpanel <1.7.2 - Info Disclosure

CVE-2025-55746 CRITICAL

Directus <11.9.3 - File Upload

CVE-2025-20269 MEDIUM

Cisco EPNM/Prime Infrastructure - Info Disclosure

CVE-2025-53769 MEDIUM

Windows Security App - Path Traversal

CVE-2025-29866 HIGH

TAGFREE X-Free Uploader <1.0.1.0085 - Path Traversal

CVE-2025-54780 HIGH

GLPI glpi-screenshot-plugin <2.0.2 - Info Disclosure

CVE-2025-4674 HIGH

Go - Code Injection

CVE-2025-5393 CRITICAL

Alone - Charity Multipurpose Non-profit WordPress Theme <7.8.3 - Pa...

CVE-2025-6691 HIGH

Brainstormforce Sureforms < 0.0.14 - Remote Code Execution

CVE-2025-48385 HIGH

CVE-2025-49760 LOW

Microsoft Windows Storage - Spoofing via External Control of File Name or Path

CVE-2025-49588 HIGH

Linkwarden <2.10.2 - Info Disclosure

Previous Page 6 of 16 Next

Details

Vulnerabilities 396

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy