CWE-73— External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.— MITRE CWE catalog
467 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-73page 7 of 10
- CVE-2025-62611HIGHCVSS 8.2EG 8.22025-10-22
aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client usin…
- CVE-2025-62842HIGHCVSS 7.8EG 7.82026-01-02
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We hav…
- CVE-2025-64486CRITICALCVSS 9.3EG 9.32025-11-08
calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a maliciou…
- CVE-2025-6463HIGHCVSS 8.8EG 8.82025-07-02
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up…
- CVE-2025-64712CRITICALCVSS 9.8EG 9.82026-02-04
The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_ms…
- CVE-2025-64714MEDIUMCVSS 5.8EG 5.82025-11-13
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If `templateselect…
- CVE-2025-64738MEDIUMCVSS 5.5EG 5.02025-11-13
External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.
- CVE-2025-64739HIGHCVSS 7.5EG 4.32025-11-13
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.
- CVE-2025-65115HIGHCVSS 8.8EG 8.82026-04-07
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop M…
- CVE-2025-65473CRITICALCVSS 9.1EG 9.12025-12-11
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name.
- CVE-2025-65799MEDIUMCVSS 4.3EG 4.32025-12-08
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
- CVE-2025-66003HIGHCVSS 7.3EG 7.32026-01-08
An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.…
- CVE-2025-66254CRITICALCVSS 9.1EG 9.12025-11-26
Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgr…
- CVE-2025-66257CRITICALCVSS 9.1EG 9.12025-11-26
Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch …
- CVE-2025-66292HIGHCVSS 8.1EG 8.12026-01-15
DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server vi…
- CVE-2025-66449HIGHCVSS 8.8EG 8.82025-12-16
ConvertXis a self-hosted online file converter. In versions prior to 0.16.0, the endpoint `/upload` allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function …
- CVE-2025-6691HIGHCVSS 8.1EG 8.12025-07-09
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.…
- CVE-2025-67461MEDIUMCVSS 5.5EG 5.02025-12-10
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access.
- CVE-2025-68155HIGHCVSS 7.5EG 7.52025-12-16
@vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the `/__vite_rsc_findSourceMapURL` endpoint in `@vitejs/plugin-rsc` allows unauthenticated arbitrary file read during development mode. An a…
- CVE-2025-68428HIGHCVSS 7.5EG 7.52026-01-05
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsaniti…
- CVE-2025-68478HIGHCVSS 7.1EG 7.12025-12-19
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrite…
- CVE-2025-69621HIGHCVSS 8.1EG 6.52026-02-04
An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.
- CVE-2025-71324HIGHCVSS 7.5EG 7.52026-06-25
Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStora…
- CVE-2025-71333CRITICALCVSS 9.8EG 9.82026-06-25
Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upl…
- CVE-2025-71334CRITICALCVSS 9.8EG 9.82026-06-25
Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a…
- CVE-2025-71338CRITICALCVSS 9.8EG 10.02026-06-25
Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters w…
- CVE-2025-8048MEDIUMCVSS 6.5EG 6.52025-10-20
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the s…
- CVE-2025-8050MEDIUMCVSS 6.5EG 6.52025-10-21
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.
- CVE-2025-8422HIGHCVSS 7.5EG 7.52025-09-11
The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.7.6.7 via the send_email() function. This makes it possible for unauthenticated attackers…
- CVE-2025-8998LOWCVSS 3.1EG 3.12025-11-11
It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged se…
- CVE-2025-9048HIGHCVSS 8.1EG 8.12025-08-23
The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the del_img_ajax_call() function in all versions up to, and including, 3.4.2. This makes it possible for authe…
- CVE-2025-9529HIGHCVSS 7.2EG 7.32025-08-27
A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element is the function include of the file /index.php. This manipulation of the argument page causes file inclusion. The attack is possible to be carr…
- CVE-2025-9920HIGHCVSS 7.2EG 7.22025-09-03
A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in file inclusion. It is possible to launch t…
- CVE-2026-0259MEDIUMCVSS 5.0EG 5.02026-05-13
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B applianc…
- CVE-2026-0965LOWCVSS 3.3EG 3.32026-03-26
A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability cou…
- CVE-2026-10303HIGHCVSS 7.4EG 7.42026-06-16
In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local pa…
- CVE-2026-10558MEDIUMCVSS 6.3EG 6.32026-06-02
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in file inclusion. The attack is possible to …
- CVE-2026-10559MEDIUMCVSS 6.3EG 6.32026-06-02
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to file inclusion. The attack may be performed…
- CVE-2026-10694HIGHCVSS 7.3EG 7.32026-06-03
A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launc…
- CVE-2026-10816HIGHCVSS 7.5EG 7.52026-06-30
Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled
- CVE-2026-11526CRITICALCVSS 9.8EG 9.82026-06-14
GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle. GD::Image::_make_filehandle opens a filename argument with Perl's 2-arg open(), so a filename tha…
- CVE-2026-11527HIGHCVSS 8.6EG 8.62026-06-14
Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle. Config::IniFiles::_make_filehandle opens a filename argument with Perl's 2-arg …
- CVE-2026-12480MEDIUMCVSS 5.5EG 5.52026-07-01
Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the `H5IOStore._verify_dataset()` and `file_editor.py` methods, which fail to …
- CVE-2026-13748MEDIUMCVSS 6.3EG 6.32026-06-29
Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or p…
- CVE-2026-14480CRITICALCVSS 9.9EG 9.92026-07-10
OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly into the Programs.File database …
- CVE-2026-1669HIGHCVSS 7.5EG 7.52026-02-11
Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras mo…
- CVE-2026-20175MEDIUMCVSS 6.1EG 6.12026-06-03
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerabil…
- CVE-2026-20872MEDIUMCVSS 6.5EG 6.52026-01-13
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-20925MEDIUMCVSS 6.5EG 6.52026-01-13
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-20931HIGHCVSS 8.0EG 8.02026-01-13
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
Map vulnerabilities like CWE-73 to your infrastructure
EchelonGraph correlates every CVE — across CWE-73 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →