Weaknesses of type CWE-73
466 resultsCVE-2025-0124MEDIUMPAN-OS: Authenticated File Deletion Vulnerability on the Management Web InterfaceEPSS 0.3%CVE-2025-0898MEDIUMXpro Elementor Addons - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read via Draw SVGEPSS 0.3%CVE-2025-11973MEDIUM简数采集器 <= 2.6.3 - Authenticated (Admin+) Arbitrary File ReadEPSS 0.3%CVE-2026-0259MEDIUMWildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)EPSS 0.3%CVE-2022-34669HIGHNVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modiEPSS 0.3%CVE-2026-26228LOWVLC for Android < 3.7.0 Remote Access Path TraversalEPSS 0.3%CVE-2026-1669HIGHArbitrary File Read in Keras via HDF5 External DatasetsEPSS 0.3%CVE-2026-55699MEDIUMpnpm: reserved bin name deletes PNPM_HOME during global removeEPSS 0.3%CVE-2026-30240CRITICALBudibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment SecretsEPSS 0.3%CVE-2026-45008HIGHphpMyFAQ - Path Traversal in Client::deleteClientFolder via URL ParameterEPSS 0.3%CVE-2026-39377MEDIUMnbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment FilenamesEPSS 0.3%CVE-2026-41389MEDIUMOpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media PathsEPSS 0.3%CVE-2025-12656LOWMigration, Backup, Staging – WPvivid Backup & Migration <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory DeletionEPSS 0.3%CVE-2024-6714HIGHAn issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege.EPSS 0.3%CVE-2025-8050MEDIUMExternal Control of File vulnerability has been discovered in opentext Flipper.EPSS 0.3%CVE-2025-8048MEDIUMExternal Control of File path vulnerability has been discovered on Openext Flipper.EPSS 0.3%CVE-2023-45588HIGHAn external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installEPSS 0.3%CVE-2023-5247HIGHMalicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software EPSS 0.3%CVE-2025-54780HIGHglpi-screenshot-plugin exposes local files in /ajax/screenshot.phpEPSS 0.3%CVE-2025-61879HIGHIn Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism.EPSS 0.3%