Weaknesses of type CWE-22

4,792 results
CVE-2025-7645HIGHExtensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) <= 3.2.8 - Unauthenticated Arbitrary File Deletion Triggered via Admin Form Submission DeletionEPSS 0.8%CVE-2025-10472MEDIUMharry0703 MoneyPrinterTurbo URL video.py stream_video path traversalEPSS 0.8%CVE-2025-46783CRITICALPath traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitEPSS 0.8%CVE-2025-12493CRITICALShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template'EPSS 0.8%CVE-2022-0223MEDIUMA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker tEPSS 0.8%CVE-2025-60722MEDIUMMicrosoft OneDrive for Android Elevation of Privilege VulnerabilityEPSS 0.8%CVE-2026-20660MEDIUMA path handling issue was addressed with improved logic. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadEPSS 0.8%CVE-2024-23793MEDIUMUpload of files outside application directoryEPSS 0.8%CVE-2026-22562CRITICALA malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write fEPSS 0.8%CVE-2022-39215HIGHThe readDir Endpoint Scope can be Bypassed With Symbolic Links in TauriEPSS 0.8%CVE-2025-32509HIGHWordPress Simple WP Events plugin <= 1.8.17 - Arbitrary File Deletion vulnerabilityEPSS 0.8%CVE-2026-5192HIGHForminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'EPSS 0.8%CVE-2023-45385HIGHProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module.EPSS 0.8%CVE-2024-10948MEDIUMArbitrary File Read via Upload Function in binary-husky/gpt_academicEPSS 0.8%CVE-2025-2742MEDIUMzhijiantianya ruoyi-vue-pro Material Upload Interface upload-permanent path traversalEPSS 0.8%CVE-2026-23483MEDIUMBlinko: Unauthorized Arbitrary File Read - /pluginsEPSS 0.8%CVE-2025-67818HIGHAn issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name withEPSS 0.8%CVE-2025-2743MEDIUMzhijiantianya ruoyi-vue-pro Material Upload Interface upload-temporary path traversalEPSS 0.8%CVE-2023-5257LOWWhiteHSBG JNDIExploit HTTPServer.java handleFileRequest path traversalEPSS 0.8%CVE-2024-5018MEDIUMWhatsUp Gold LoadUsingBasePath Directory Traversal Information Disclosure VulnerabilityEPSS 0.8%