Weaknesses of type CWE-73
466 results

CVE-2025-25478 | MEDIUM | The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to | EPSS 0.4%
CVE-2026-33027 | MEDIUM | Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory | EPSS 0.4%
CVE-2025-12137 | MEDIUM | Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read | EPSS 0.4%
CVE-2025-1911 | LOW | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | EPSS 0.4%
CVE-2025-0630 | MEDIUM | Western Telematic Inc NPS Series, DSM Series, CPM Series External Control of File Name or Path | EPSS 0.4%
CVE-2025-25761 | HIGH | HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php. | EPSS 0.4%
CVE-2026-25573 | HIGH | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-p | EPSS 0.4%
CVE-2025-43951 | CRITICAL | LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbitrary files from the environment via the | EPSS 0.4%
CVE-2026-33949 | HIGH | @tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files | EPSS 0.4%
CVE-2025-20269 | MEDIUM | Cisco Evolved Programmable Network Manager and Prime Infrastructure Arbitrary File Download Vulnerability | EPSS 0.4%
CVE-2025-48781 | HIGH | Soar Cloud HRD Human Resource Management System - External Control of File Name or Path | EPSS 0.4%
CVE-2020-36772 | MEDIUM | CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to re | EPSS 0.4%
CVE-2025-12915 | HIGH | 70mai X200 Init Script file inclusion | EPSS 0.4%
CVE-2026-23529 | HIGH | Arbitrary File Read in Google BigQuery Sink connector | EPSS 0.4%
CVE-2026-30282 | CRITICAL | An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal | EPSS 0.4%
CVE-2025-11738 | MEDIUM | Media Library Assistant <= 3.29 - Unauthenticated Limited File Read | EPSS 0.4%
CVE-2026-26359 | HIGH | Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker w | EPSS 0.4%
CVE-2026-45556 | CRITICAL | Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name` | EPSS 0.4%
CVE-2026-29962 | HIGH | HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The e | EPSS 0.4%
CVE-2024-13922 | LOW | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | EPSS 0.4%