Weaknesses of type CWE-22
4,803 resultsCVE-2025-3740HIGHSchool Management System for Wordpress <= 93.1.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password UpdateEPSS 0.7%CVE-2023-25914HIGHAuthneticated Path Traversal in Danfoss AK-SM800AEPSS 0.7%CVE-2024-4296MEDIUMHGiga iSherlock - Arbitrary File DownloadEPSS 0.7%CVE-2024-4297MEDIUMHGiga iSherlock - Arbitrary File DownloadEPSS 0.7%CVE-2026-46402HIGHMicrosoft UFO uses untrusted task_name in log paths, allowing authenticated path traversal and log file creation outside the logs directoryEPSS 0.7%CVE-2023-2909HIGHA Directory traversal vulnerability was found on EZ Sync service of ADMEPSS 0.7%CVE-2023-5938HIGHPath traversal via 'zip slip' in Arc before v1.6.0EPSS 0.7%CVE-2024-2023MEDIUMFolders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_uploadEPSS 0.7%CVE-2024-8585MEDIUMLEARNING DIGITAL Orca HCM - Arbitrary File DownloadEPSS 0.7%CVE-2023-48299MEDIUMTorchServe ZipSlipEPSS 0.7%CVE-2025-3043MEDIUMGuoMinJim PersonManage login preHandle path traversalEPSS 0.7%CVE-2025-66449HIGHConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Code ExecutionEPSS 0.7%CVE-2024-43011MEDIUMAn arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validatiEPSS 0.7%CVE-2024-51751MEDIUMArbitrary file read with File and UploadButton components in GradioEPSS 0.7%CVE-2026-25965HIGHImageMagick's policy bypass through path traversal allows reading restricted content despite secured policyEPSS 0.7%CVE-2024-3934MEDIUMMercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File DownloadEPSS 0.7%CVE-2024-10830HIGHPath Traversal in eosphoros-ai/db-gptEPSS 0.7%CVE-2026-7311HIGHTinyPNG <= 3.6.13 - Authenticated (Author+) Arbitrary File Deletion via 'convert.path' in 'tiny_compress_images' Post MetaEPSS 0.7%CVE-2024-34315HIGHCmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action methEPSS 0.7%CVE-2025-8480HIGHAlpine iLX-507 Command Injection Remote Code ExecutionEPSS 0.7%