CWE-73 · External Control of File Name or Path

474 CVEs classified under CWE-73 (External Control of File Name or Path).

Top CVEs for CWE-73
CVE | Severity | Score | Published | Summary
CVE-2025-71338 | Critical | 10.0 | 2026-06-25 | Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary…
CVE-2026-39907 | Critical | 10.0 | 2026-04-14 | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized…
CVE-2026-27211 | Critical | 10.0 | 2026-02-21 | Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 are vulnerable to arbitrary host file exfiltration (constrained by…
CVE-2026-45556 | Critical | 9.9 | 2026-06-10 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf/<service>/<server_ip>/rule/<rul…
CVE-2026-9559 | Critical | 9.9 | 2026-05-29 | A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the val…
CVE-2026-40342 | Critical | 9.9 | 2026-04-17 | Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates…
CVE-2026-33309 | Critical | 9.9 | 2026-03-24 | Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (Exte…
CVE-2022-24900 | Critical | 9.9 | 2022-04-29 | Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to…
CVE-2025-71334 | Critical | 9.8 | 2026-06-25 | Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and ch…
CVE-2026-39006 | Critical | 9.8 | 2026-06-15 | An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.
CVE-2026-11526 | Critical | 9.8 | 2026-06-14 | GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle. GD::Image::_make_…
CVE-2026-47643 | Critical | 9.8 | 2026-06-09 | External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
CVE-2026-30281 | Critical | 9.8 | 2026-03-31 | An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to…
CVE-2026-30276 | Critical | 9.8 | 2026-03-31 | An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import proces…
CVE-2025-64712 | Critical | 9.8 | 2026-02-04 | The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many mo…
CVE-2020-37080 | Critical | 9.8 | 2026-02-03 | webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrar…
CVE-2025-6237 | Critical | 9.8 | 2025-09-18 | A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/downlo…
CVE-2025-54945 | Critical | 9.8 | 2025-08-30 | An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary…
CVE-2025-43951 | Critical | 9.8 | 2025-04-22 | LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbitrary files from the environment via the objectname request…
CVE-2025-29709 | Critical | 9.8 | 2025-04-16 | SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio.
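The entries above share one root cause: a file name or path taken from a request (a query parameter, an upload's original name, an entry name inside an uploaded ZIP) reaches the filesystem without being resolved and checked against the directory it was supposed to stay in. The Python below is an added example written for this page, not code from any of the projects listed above; the function names, the "uploads" directory and the in-memory archives are invented for illustration. It puts the weak join pattern beside a check that runs on the resolved path, and applies that same check to every ZIP entry before anything is written.

```python
import io
import os
import pathlib
import tempfile
import zipfile


class UnsafePath(ValueError):
    """Raised when an externally supplied name would leave the allowed directory."""


def naive_join(base_dir: str, user_name: str) -> str:
    """The weak pattern behind most CWE-73 findings: os.path.join keeps '..'
    components and silently discards base_dir when user_name is absolute."""
    return os.path.join(base_dir, user_name)


def resolve_under(base_dir: str, user_name: str) -> pathlib.Path:
    """Resolve an attacker-controllable name strictly inside base_dir.

    The containment test runs on the *resolved* candidate (symlinks followed,
    '.' and '..' collapsed), not on the raw string, so dot-dot segments,
    absolute names and symlink hops inside base_dir are all caught by one check.
    """
    base = pathlib.Path(base_dir).resolve()
    # NUL bytes and absolute names are never legitimate for a relative file name.
    if "\x00" in user_name or os.path.isabs(user_name):
        raise UnsafePath(user_name)
    candidate = (base / user_name).resolve()
    # Accept only base itself or a descendant of base.
    if candidate != base and base not in candidate.parents:
        raise UnsafePath(user_name)
    return candidate


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Extract an archive only if every entry name resolves inside dest_dir.

    Entries are written by hand (zf.read + write_bytes) to mirror what a custom
    extractor does. Python's own ZipFile.extract() strips '..' components, but
    many other extraction code paths do not, which is how zip-slip bugs arise.
    """
    dest = pathlib.Path(dest_dir).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Validate every name before writing anything, so a hostile archive
        # leaves no partial state behind.
        targets = [(info, resolve_under(dest_dir, info.filename)) for info in zf.infolist()]
        for info, target in targets:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(dest).as_posix())
    return written


def _make_zip(entries: dict) -> bytes:
    """Build a small in-memory ZIP from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def _rejected(base_dir: str, name: str) -> bool:
    try:
        resolve_under(base_dir, name)
        return False
    except UnsafePath:
        return True


def demo() -> dict:
    """Exercise both patterns in a throwaway directory and return the outcomes."""
    results = {
        # String-level view of the weak pattern (no filesystem access needed).
        "naive_absolute": naive_join("/srv/uploads", "/etc/passwd"),
        "naive_dotdot": os.path.normpath(naive_join("/srv/uploads", "../../etc/passwd")),
    }
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "uploads")
        os.mkdir(base)
        # A symlink inside the allowed directory that points outside it.
        os.symlink(tmp, os.path.join(base, "escape"))

        results["plain"] = resolve_under(base, "report.pdf").name == "report.pdf"
        results["dotdot"] = _rejected(base, "../secret.txt")
        results["absolute"] = _rejected(base, "/etc/passwd")
        results["symlink"] = _rejected(base, "escape/secret.txt")
        results["nul"] = _rejected(base, "a.txt\x00.jpg")

        # Constructed archives: one with a traversing entry name, one clean.
        hostile = _make_zip({"../evil.sh": b"#!/bin/sh\n"})
        clean = _make_zip({"docs/readme.txt": b"hello"})
        try:
            safe_extract(hostile, base)
            results["zip_slip_blocked"] = False
        except UnsafePath:
            results["zip_slip_blocked"] = True
        results["zip_written"] = safe_extract(clean, base)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of doing the comparison after resolve() rather than on the raw string is that every bypass family in the list above (dot-dot segments, absolute paths, symlinks planted inside the allowed directory) collapses to the same question: is the final path still under the base directory? Rejecting the whole archive before the first write matters too; validating entries one at a time while extracting leaves the earlier files on disk when a later entry is hostile.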