Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-73

CWE-73

High likelihood

External Control of File Name or Path

Parent: CWE-642 - External Control of Critical State Data

The product allows user input to control or influence paths or file names that are used in filesystem operations.

449 vulnerabilities with CWE-73

CVE-2025-35053 MEDIUM

Newforma Project Center < 2024.3 - Authenticated Path Traversal and Arbitrary File Deletion via MarkupServices.ashx

CVE-2025-10494 HIGH

Motors - Car Dealership & Classified Listings Plugin <1.4.89 - Priv...

CVE-2025-10306 LOW

Backup Bolt <1.4.1 - Path Traversal

CVE-2025-58769 LOW

auth0-php 3.3.0-8.16.0 - Path Traversal via Bulk User Import Endpoint

CVE-2025-6237 CRITICAL

invokeai < 6.7.0 - Path Traversal and Arbitrary File Deletion via Image Download Endpoint

CVE-2025-10058 HIGH

WP Import - Ultimate CSV XML Importer <7.27 - Privilege Escalation

CVE-2025-8422 HIGH

Propovoice: All-in-One Client Management System <=1.7.6.7 - Arbitrary File Read

CVE-2025-59049 HIGH

Mockoon < 9.2.0 - Path Traversal and Local File Inclusion via Static File Serving Configuration

CVE-2025-58762 CRITICAL

Tautulli < 2.16.0 - Authenticated Path Traversal and Remote Code Execution via pms_image_proxy Endpoint

CVE-2025-55316 HIGH

Azure Connected Machine Agent < 1.56 - Authenticated Privilege Escalation via External Control of File Name or Path

CVE-2025-10134 CRITICAL

Goza - Nonprofit Charity WordPress Theme <3.2.2 - Privilege Escalation

CVE-2025-9920 MEDIUM

Campcodes Recruitment Management System 1.0 - File Inclusion

CVE-2025-54945 CRITICAL

SUNNET Corporate Training Management System <10.11 - Path-Controlled File Command Execution

CVE-2025-58158 HIGH

Harness Open Source <3.3.0 - Command Injection

CVE-2025-9529 HIGH

Campcodes Payroll Management System 1.0 - File Inclusion

CVE-2025-9048 HIGH

Wptobe-memberships <3.4.2 - Privilege Escalation

CVE-2025-53363 MEDIUM

dpanel 1.2.0-1.7.2 - Authenticated Path Traversal via /api/app/compose/get-from-uri Endpoint

CVE-2025-55746 CRITICAL

Directus 10.8.0-11.9.2 - Unauthenticated Arbitrary File Upload via File Update Mechanism

CVE-2025-20269 MEDIUM

Cisco EPNM/Prime Infrastructure - Info Disclosure

CVE-2025-53769 MEDIUM

Windows Security App - Path Traversal

CVE-2025-29866 HIGH

TAGFREE X-Free Uploader <1.0.1.0085 - Path Traversal

CVE-2025-54780 HIGH

GLPI glpi-screenshot-plugin <2.0.2 - Info Disclosure

CVE-2025-4674 HIGH

Go - Code Injection

CVE-2025-5393 CRITICAL

Alone - Charity Multipurpose Non-profit WordPress Theme <7.8.3 - Pa...

CVE-2025-6691 HIGH

SureForms <= 1.7.3 - Unauthenticated Arbitrary File Deletion

Previous Page 8 of 18 Next

Details

Vulnerabilities 449

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy