Weaknesses of type CWE-22
4,804 resultsCVE-2026-5258MEDIUMSanster IOPaint File Manager file_manager.py _get_file path traversalEPSS 0.6%CVE-2025-41714HIGHPath Traversal via 'Upload-Key' in SmartEMS Upload HandlingEPSS 0.6%CVE-2023-49089HIGHUmbraco CMS possible path traversal when creating packages from backofficeEPSS 0.6%CVE-2026-7524CRITICALPath Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code ExecutionEPSS 0.6%CVE-2024-30509MEDIUMWordPress SellKit plugin <= 1.8.1 - Arbitrary File Download vulnerabilityEPSS 0.6%CVE-2024-34193HIGHsmanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that canEPSS 0.6%CVE-2024-37499MEDIUMWordPress Online Booking & Scheduling Calendar for WordPress plugin <= 4.4.2 - Local File Inclusion vulnerabilityEPSS 0.6%CVE-2024-25183HIGHgivanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.EPSS 0.6%CVE-2026-55488HIGHmotionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File ReadEPSS 0.6%CVE-2024-43434HIGHMoodle: csrf risk in feedback non-respondents reportEPSS 0.6%CVE-2019-25610HIGHNetNumber Titan Master 7.9.1 Path Traversal via drpEPSS 0.6%CVE-2024-11210MEDIUMEyouCMS FilemanagerLogic.php editFile path traversalEPSS 0.6%CVE-2026-48055CRITICALStreambert: Arbitrary File Write (Zip Slip) via Subtitle ExtractionEPSS 0.6%CVE-2026-35593MEDIUMTrilium Notes has Local File Inclusion via upload modified file API endpointEPSS 0.6%CVE-2025-10307MEDIUMBackuply – Backup, Restore, Migrate and Clone <= 1.4.8 - Authenticated (Admin+) Arbitrary File DeletionEPSS 0.6%CVE-2026-34745CRITICALUnauthenticated Path Traversal Arbitrary File Write in /api/uploadChunked/publicEPSS 0.6%CVE-2025-4377HIGHPath traversal vulnerability in Sparx Pro Cloud Server WebEA webconfig in logview.phpEPSS 0.6%CVE-2024-37454MEDIUMWordPress AWSM Team – Team Showcase Plugin plugin <= 1.3.1 - Local File Inclusion vulnerabilityEPSS 0.6%CVE-2024-49287HIGHWordPress PDF-Rechnungsverwaltung plugin <= 0.0.1 - Local File Inclusion vulnerabilityEPSS 0.6%CVE-2024-11343HIGHTelerik Document Processing Path TraversalEPSS 0.6%