Weaknesses of type CWE-22
4,793 resultsCVE-2024-23340MEDIUM@hono/node-server can't handle "double dots" in URLEPSS 0.7%CVE-2024-32982HIGHLitestar and Starlite affected by Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')EPSS 0.7%CVE-2023-2273MEDIUMRapid7 Insight Agent Directory TraversalEPSS 0.7%CVE-2023-22320HIGHOpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerEPSS 0.7%CVE-2025-7643CRITICALAttachment Manager <= 2.1.2 - Unauthenticated Arbitrary File DeletionEPSS 0.7%CVE-2022-39001HIGHThe number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosureEPSS 0.7%CVE-2026-25161HIGHAlist vulnerable to Path Traversal in multiple file operation handlersEPSS 0.7%CVE-2022-32938MEDIUMA parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 1EPSS 0.7%CVE-2024-24307HIGHPath Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remoEPSS 0.7%CVE-2023-47803MEDIUMA vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings fEPSS 0.7%CVE-2026-54414CRITICALFileRise shared-folder upload path traversal allows arbitrary file write and admin takeoverEPSS 0.7%CVE-2024-54259MEDIUMWordPress DELUCKS SEO plugin <= 2.7.0 - Arbitrary File Download vulnerabilityEPSS 0.7%CVE-2025-25162HIGHWordPress Sports Rankings and Lists plugin <= 2.3 - Arbitrary File Download vulnerabilityEPSS 0.7%CVE-2023-34345MEDIUMAMI BMC contains a vulnerability in the SPX REST API, where an
attacker with the required privileges can access arbitrary files, which may
lEPSS 0.7%CVE-2024-55213MEDIUMDirectory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File ListinEPSS 0.7%CVE-2026-2419LOWWP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' ParameterEPSS 0.7%CVE-2025-53632HIGHChall-Manager's scenario decoding process does not check for zip slipsEPSS 0.7%CVE-2023-52289HIGHAn issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST rEPSS 0.7%CVE-2026-41062MEDIUMWWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parametersEPSS 0.7%CVE-2026-50869CRITICALAn issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted requestEPSS 0.7%