Weaknesses of type CWE-22
4,805 resultsCVE-2025-24891CRITICALDumb Drop has an arbitrary file overwrite and path traversal for root shellEPSS 0.6%CVE-2026-44336CRITICALPraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injectionEPSS 0.6%CVE-2020-37015HIGHRuijie Networks Switch eWeb S29_RGOS 11.4 - Directory TraversalEPSS 0.6%CVE-2026-22905HIGHAuthentication Bypass via URI TraversalEPSS 0.6%CVE-2026-40062HIGHA path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may get sensitive information oEPSS 0.6%CVE-2024-3107MEDIUMSpectra – WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path TraversalEPSS 0.6%CVE-2024-25136HIGHAutomationDirect C-MORE EA9 HMI Path TraversalEPSS 0.6%CVE-2024-43996MEDIUMWordPress ElementsKit Pro plugin <= 3.6.0 - Local File Inclusion vulnerabilityEPSS 0.6%CVE-2022-40742MEDIUMSOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Local File InclusionEPSS 0.6%CVE-2026-32232HIGHZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlinkEPSS 0.6%CVE-2024-37266MEDIUMWordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerabilityEPSS 0.6%CVE-2025-3897MEDIUMEUCookieLaw <= 2.7.2 - Unauthenticated Arbitrary File ReadEPSS 0.6%CVE-2026-25891HIGHFiber has an Arbitrary File Read in Static Middleware on WindowsEPSS 0.6%CVE-2023-48382MEDIUMSoftnext Mail SQR Expert - Local File Inclusion-2EPSS 0.6%CVE-2023-50885MEDIUMWordPress Store Locator WordPress Plugin <= 1.4.14 is vulnerable to Arbitrary File DeletionEPSS 0.6%CVE-2026-30285CRITICALAn arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files viEPSS 0.6%CVE-2023-48381MEDIUMSoftnext Mail SQR Expert - Local File Inclusion-1EPSS 0.6%CVE-2023-0092MEDIUMAn authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from thEPSS 0.6%CVE-2025-54446CRITICALImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allowEPSS 0.6%CVE-2025-63371HIGHMilos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component,EPSS 0.6%