Weaknesses of type CWE-22

4,793 results
CVE-2023-42227HIGHPat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function.EPSS 0.7%CVE-2023-42225HIGHPat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function.EPSS 0.7%CVE-2023-42226HIGHPat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function.EPSS 0.7%CVE-2023-42796HIGHA vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V0EPSS 0.7%CVE-2026-40982CRITICALSpring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious EPSS 0.7%CVE-2024-52054MEDIUMApplication Creation Path Traversal in Wowza Streaming EngineEPSS 0.7%CVE-2024-31947MEDIUMStoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameteEPSS 0.7%CVE-2023-30945CRITICALCVE-2023-30945 EPSS 0.7%CVE-2024-3322HIGHPath Traversal in parisneo/lollms-webuiEPSS 0.7%CVE-2024-10005HIGHConsul L7 Intentions Vulnerable To URL Path BypassEPSS 0.7%CVE-2023-27981HIGHA CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code EPSS 0.7%CVE-2024-8782MEDIUMJFinalCMS edit delete path traversalEPSS 0.7%CVE-2023-39525MEDIUMPrestaShop vulnerable to path traversalEPSS 0.7%CVE-2025-12062HIGHWP Maps <= 4.8.6 - Authenticated (Subscriber+) Limited Local File InclusionEPSS 0.7%CVE-2025-6755HIGHGame Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId ParameterEPSS 0.7%CVE-2025-11631MEDIUMRainyGao DocSys deleteDoc.do path traversalEPSS 0.7%CVE-2026-35718MEDIUMA path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attaEPSS 0.7%CVE-2022-4402MEDIUMRainyGao DocSys ZIP File Decompression path traversalEPSS 0.7%CVE-2023-6562HIGHJPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if thEPSS 0.7%CVE-2025-65287HIGHAn unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary fiEPSS 0.7%