CWE-22

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/ is not accessible.

Path Traversal in GitHub repository filegator/filegator prior to 7.8.0.

Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.

Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.