Weaknesses of type CWE-22
4,704 results

| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2025-4632 | CRITICAL | Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attack | 24.0% | KEV |
| CVE-2022-43771 | MEDIUM | Hitachi Vantara Pentaho Business Analytics Server - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 23.9% | |
| CVE-2017-17058 | HIGH | The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/ema | 23.7% | |
| CVE-2023-29186 | HIGH | Directory/Path Traversal vulnerability in SAP NetWeaver. | 23.0% | |
| CVE-2024-2434 | HIGH | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab | 22.9% | |
| CVE-2020-8227 | — | Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files ou | 22.4% | |
| CVE-2022-1390 | — | Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read | 22.1% | |
| CVE-2022-4510 | HIGH | Path Traversal in binwalk | 21.8% | |
| CVE-2021-21234 | HIGH | Directory Traversal | 21.2% | |
| CVE-2022-41657 | CRITICAL | Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be u | 20.9% | |
| CVE-2025-25279 | CRITICAL | Arbitrary file read in Mattermost Boards via import & export board archive | 20.8% | |
| CVE-2020-25237 | — | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When | 20.6% | |
| CVE-2021-41293 | HIGH | ECOA BAS controller - Path Traversal-3 | 20.1% | |
| CVE-2025-54261 | CRITICAL | ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) | 19.9% | |
| CVE-2023-0156 | MEDIUM | All-In-One Security (AIOS) < 5.1.5 - Admin+ Arbitrary File/Folder Access via Traversal | 19.9% | |
| CVE-2018-17934 | — | NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the in | 19.7% | |
| CVE-2022-1119 | HIGH | Simple File List <= 3.2.7 - Arbitrary File Download | 19.6% | |
| CVE-2025-68472 | HIGH | MindsDB has improper sanitation of filepath that leads to information disclosure and DOS | 19.2% | |
| CVE-2025-25231 | HIGH | Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensiti | 19.1% | |
| CVE-2025-12490 | HIGH | Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability | 18.7% | |