Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-73

CWE-73

High likelihood

External Control of File Name or Path

Parent: CWE-642 - External Control of Critical State Data

The product allows user input to control or influence paths or file names that are used in filesystem operations.

449 vulnerabilities with CWE-73

CVE-2025-48385 HIGH

Git Bundle URI - Protocol Injection Arbitrary Code Execution

CVE-2025-49760 LOW

Microsoft Windows Storage - Spoofing via External Control of File Name or Path

CVE-2025-49588 HIGH

Linkwarden <2.10.2 - Info Disclosure

CVE-2025-6463 HIGH

Forminator Forms < 1.44.3 - Unauthenticated Arbitrary File Deletion via Entry Upload Path Manipulation

CVE-2025-33117 CRITICAL

IBM QRadar SIEM <7.5.0 Update Package 12 - Privilege Escalation

CVE-2025-36506 MEDIUM

RICOH Streamline NX V3 PC Client <3.242.0 - Path Traversal

CVE-2025-47956 MEDIUM

Windows Security App - Path Traversal

CVE-2025-33053 HIGH KEV

CVE-2025-33053 Exploit via Malicious .URL File and WebDAV

CVE-2025-48067 MEDIUM

OctoPrint <1.11.1 - Info Disclosure

CVE-2025-49138 MEDIUM

HAX CMS PHP <11.0.0 - Local File Inclusion

CVE-2025-48783 HIGH

Soar Cloud HRD <7.3.2025.0408 - Path Traversal

CVE-2025-48781 HIGH

Soar Cloud HRD <7.3.2025.0408 - Path Traversal

CVE-2025-32802 MEDIUM

ISC Kea 2.4.0-2.4.1, 2.6.0-2.6.2, 2.7.0-2.7.8 - Arbitrary File Write via Configuration and API Directives

CVE-2025-4603 CRITICAL

eMagicOne Store Manager - Path Traversal

CVE-2025-4602 MEDIUM

eMagicOne Store Manager for WooCommerce <1.2.5 - Info Disclosure

CVE-2025-2409 CRITICAL

ABB ASPECT-Enterprise NEXUS Series MATRIX Series <= 3.08.03 - Authenticated Arbitrary File Write

CVE-2025-3812 HIGH

WPBot Pro Wordpress Chatbot <13.6.2 - Privilege Escalation

CVE-2025-26646 HIGH

Microsoft .NET, Visual Studio, and Build Tools - Path Spoofing via External Control of File Name or Path

CVE-2025-26684 MEDIUM

Microsoft Defender for Endpoint - Privilege Escalation

CVE-2025-3419 HIGH

Eventin plugin <4.0.26 - Info Disclosure

CVE-2025-46762 HIGH

Apache Parquet < 1.15.2 - Remote Code Execution via Parquet-Avro Schema Parsing

CVE-2025-1056 MEDIUM

AXIS Camera Station Pro < 6.8.43213 - Authenticated Arbitrary File Write via File Modification

CVE-2025-43951 CRITICAL

LabVantage <8.8.0.13 HF6 - Path Traversal

CVE-2025-3103 HIGH

CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - ...

CVE-2025-29709 CRITICAL

SourceCodester Company Website CMS 1.0 - File Upload

Previous Page 9 of 18 Next

Details

Vulnerabilities 449

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy