Weaknesses of type CWE-22
4,800 resultsCVE-2025-25759HIGHAn issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion viaEPSS 0.7%CVE-2026-32140CRITICALDataease: Redshift JDBC RCE BypassEPSS 0.7%CVE-2025-56869MEDIUMDirectory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system EPSS 0.7%CVE-2026-5710HIGHDrag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Limited Arbitrary File Read via mfile FieldEPSS 0.7%CVE-2026-49119HIGHGradio < 6.16.0 Path Traversal via FileExplorer.preprocess()EPSS 0.7%CVE-2024-44195HIGHA logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files.EPSS 0.7%CVE-2025-0365MEDIUMJupiterx Core <= 4.8.7 - Authenticated (Contributor+) Arbitrary File ReadEPSS 0.7%CVE-2026-32846HIGHOpenClaw < 2026.3.28 Media Parsing Path Traversal to Arbitrary File ReadEPSS 0.7%CVE-2025-2158HIGHWordPress Review Plugin: The Ultimate Solution for Building a Review Website <= 5.3.5 - Authenticated (Contributor+) Local File Inclusion via Post Custom FieldsEPSS 0.7%CVE-2024-7744MEDIUMImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Progress WS_FTP ServerEPSS 0.7%CVE-2026-33292HIGHAVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid VideosEPSS 0.7%CVE-2025-67171HIGHIncorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal.EPSS 0.7%CVE-2024-47164LOWThe `is_in_or_equal` function may be bypassed in GradioEPSS 0.7%CVE-2026-56078HIGHPraisonAI - Arbitrary File Read and Write via Path Traversal in MultiAgentMonitorEPSS 0.7%CVE-2025-23343HIGHThe NVIDIA NVDebug tool contains a vulnerability that may allow an actor to write files to restricted components. A successful exploit of thEPSS 0.7%CVE-2026-36500CRITICALAn issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a craftEPSS 0.7%CVE-2026-29220MEDIUMApache OFBiz: Low-Privilege LFI in Content ComponentEPSS 0.7%CVE-2023-29128LOWA vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versiEPSS 0.7%CVE-2026-3289MEDIUMSanluan PublicCMS Template Cache Generation TemplateCacheComponent.java saveMetadata path traversalEPSS 0.7%CVE-2023-38511MEDIUMiTop Dashboard editor vulnerable dashboard config file parameterEPSS 0.7%