Weaknesses of type CWE-22

4,792 results
CVE-2024-1433LOWKDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversalEPSS 0.8%CVE-2026-33046HIGHIndico discloses local files resulting in Remote Code Execution through LaTeX injectionEPSS 0.8%CVE-2016-15023LOWSiteFusion Application Server Extension getextension.php path traversalEPSS 0.8%CVE-2025-51475MEDIUMArbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to oveEPSS 0.8%CVE-2026-39276HIGHThe template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitraEPSS 0.8%CVE-2022-4511MEDIUMRainyGao DocSys path traversalEPSS 0.8%CVE-2022-2554Enable Media Replace < 4.0.0 - Admin+ Path TraversalEPSS 0.8%CVE-2025-1770HIGHEvent Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Authenticated (Contributor+) Local File InclusionEPSS 0.8%CVE-2026-11911HIGHSimple File List <= 6.3.7 - Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' ParameterEPSS 0.8%CVE-2026-4758HIGHWP Job Portal <= 2.4.9 - Authenticated (Subscriber+) Arbitrary File Deletion via Resume Custom File FieldEPSS 0.8%CVE-2023-0582HIGHPath Traversal in ForgeRock Access ManagmentEPSS 0.8%CVE-2024-2227CRITICALIdentityIQ JavaServer Faces File Path Traversal VulnerabilityEPSS 0.8%CVE-2024-21877HIGHInsecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225EPSS 0.8%CVE-2021-24242Tutor LMS < 1.8.8 - Authenticated Local File InclusionEPSS 0.8%CVE-2022-37906MEDIUMAn authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability resEPSS 0.8%CVE-2023-48249MEDIUMThe vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the applEPSS 0.8%CVE-2023-48246MEDIUMThe vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS usEPSS 0.8%CVE-2023-48242MEDIUMThe vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the apEPSS 0.8%CVE-2023-24416MEDIUMWordPress All In One Favicon Plugin <= 4.7 is vulnerable to Arbitrary File DeletionEPSS 0.8%CVE-2025-7645HIGHExtensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission DeletionEPSS 0.8%