Weaknesses of type CWE-22
4,795 resultsCVE-2022-34365MEDIUMWMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorizeEPSS 0.7%CVE-2023-31179MEDIUMAgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversalEPSS 0.7%CVE-2022-3966MEDIUMUltimate Member Plugin Template class-shortcodes.php load_template pathname traversalEPSS 0.7%CVE-2024-23827CRITICALNginx-UI arbitrary file write through the Import Certificate featureEPSS 0.7%CVE-2024-32680HIGHWordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerabilityEPSS 0.7%CVE-2025-6465MEDIUMPath traversal in image upload with preview overwriteEPSS 0.7%CVE-2023-30199HIGHPrestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php.EPSS 0.7%CVE-2025-0818MEDIUMMultiple elFinder Plugins <= (Various Versions) - Directory Traversal to Arbitrary File DeletionEPSS 0.7%CVE-2024-51998HIGHPath traversal using file URI scheme without supplying hostname in changedetection.ioEPSS 0.7%CVE-2023-30197HIGHIncorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personalEPSS 0.7%CVE-2024-4982HIGHPagure: path traversal in view_issue_raw_file()EPSS 0.7%CVE-2025-32631HIGHWordPress Oxygen MyData for WooCommerce plugin <= 1.0.64 - Arbitrary File Deletion vulnerabilityEPSS 0.7%CVE-2026-2614HIGHArbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflowEPSS 0.7%CVE-2025-23562HIGHWordPress XLSXviewer plugin <= 2.1.1 - Arbitrary File Deletion vulnerabilityEPSS 0.7%CVE-2025-32629HIGHWordPress WP-BusinessDirectory Plugin <= 3.1.2 - Arbitrary File Deletion vulnerabilityEPSS 0.7%CVE-2024-56514MEDIUMKarmada Tar Slips in CRDs archive extractionEPSS 0.7%CVE-2025-32633HIGHWordPress Database Toolset Plugin <= 1.8.4 - Arbitrary File Deletion vulnerabilityEPSS 0.7%CVE-2025-59171HIGHAdvantech DeviceOn/iEdge Path TraversalEPSS 0.7%CVE-2024-5852MEDIUMWordPress File Upload <= 4.24.7 - Authenticated (Contributor+) Directory TraversalEPSS 0.7%CVE-2026-49818MEDIUMApache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object namesEPSS 0.7%