Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-73

CWE-73

High likelihood

External Control of File Name or Path

Parent: CWE-642 - External Control of Critical State Data

The product allows user input to control or influence paths or file names that are used in filesystem operations.

449 vulnerabilities with CWE-73

CVE-2026-22783 CRITICAL

Iris <2.4.24 - Privilege Escalation

CVE-2025-12656 LOW

Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion

CVE-2025-0898 MEDIUM

Xpro Elementor Addons - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read via Draw SVG

CVE-2025-65115 HIGH

Hitachi JP1 IT Desktop Management and JP1 NETM DM - Remote Code Execution

CVE-2025-61879 HIGH

Infoblox NIOS <9.0.7 - Privilege Escalation

CVE-2025-54162 MEDIUM

QNAP File Station 5.5.6.4691-5.5.6.5067 - Authenticated Path Traversal

CVE-2025-64712 CRITICAL

unstructured < 0.18.18 - Path Traversal and Arbitrary File Write via MSG Attachment Processing

CVE-2025-53912 CRITICAL

MedDream PACS Premium <7.3.6.870 - Info Disclosure

CVE-2025-66292 HIGH

DPanel < 1.9.2 - Authenticated Arbitrary File Deletion via Path Traversal

CVE-2025-66003 HIGH

smb4k < 4.0.5 - Local Privilege Escalation via Samba Share Path Control

CVE-2025-14059 MEDIUM

EmailKit plugin <1.6.1 - Path Traversal

CVE-2025-68428 HIGH

jsPDF < 4.0.0 - Path Traversal via loadFile Method

CVE-2025-62842 HIGH

HBS 3 Hybrid Backup Sync <26.2.0.938 - Path Traversal

CVE-2025-12654 LOW

WPvivid Backup & Migration <0.9.120 - Path Traversal

CVE-2025-68478 HIGH

langflow < 1.7.0 - Arbitrary File Write via Unrestricted fs_path Parameter

CVE-2025-68155 HIGH

@vitejs/plugin-rs <0.5.8 - Info Disclosure

CVE-2025-66449 HIGH

ConvertX < 0.16.0 - Authenticated Arbitrary File Write via Upload Endpoint

CVE-2025-13320 MEDIUM

WP User Manager <2.9.12 - Privilege Escalation

CVE-2025-65473 CRITICAL

easyimages2.0 < 2.8.6 - Authenticated Arbitrary File Rename via /admin/filer.php

CVE-2025-67461 MEDIUM

Zoom Rooms for macOS <6.6.0 - Info Disclosure

CVE-2025-59516 HIGH

Windows Storage VSP Driver - Privilege Escalation

CVE-2025-65799 MEDIUM

usememos memos <0.25.2 - Path Traversal

CVE-2025-12529 HIGH

WordPress Cost Calculator Builder <3.6.3 - RCE

CVE-2025-66257 CRITICAL

DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter - Pat...

CVE-2025-66254 CRITICAL

DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter - Una...

Previous Page 6 of 18 Next

Details

Vulnerabilities 449

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy