Weaknesses of type CWE-22

4,805 results
CVE-2025-54446CRITICALImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allowEPSS 0.6%CVE-2025-64712CRITICALUnstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File WriteEPSS 0.6%CVE-2026-24457CRITICALAn unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitationEPSS 0.6%CVE-2025-6776MEDIUMxiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversalEPSS 0.6%CVE-2025-1785MEDIUMDownload Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File OverwriteEPSS 0.6%CVE-2024-33879CRITICALAn issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/DownloEPSS 0.6%CVE-2025-14997HIGHBuddyPress Xprofile Custom Field Types <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File DeletionEPSS 0.6%CVE-2025-14301CRITICALIntegration Opvius AI for WooCommerce <= 1.3.0 - Unauthenticated Arbitrary File Deletion/Read via Path TraversalEPSS 0.6%CVE-2025-65077HIGHRelative path traversal vulnerability in Embedded Solutions FrameworkEPSS 0.6%CVE-2023-28105HIGHGo-huge-util vulnerable to path traversal when unzipping filesEPSS 0.6%CVE-2018-25325HIGHWoocommerce CSV Importer 3.3.6 Path Traversal File DeletionEPSS 0.6%CVE-2023-39299HIGHMusic StationEPSS 0.6%CVE-2025-12960MEDIUMSimple CSV Table <= 1.0.1 - Directory Traversal to Authenticated (Contributor+) Arbitrary File ReadEPSS 0.6%CVE-2026-11940HIGHtarfile extraction filter bypass allows escaping the destination directoryEPSS 0.6%CVE-2025-61557HIGHnixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal.EPSS 0.6%CVE-2026-28406HIGHkaniko has tar archive path traversal in build context extraction allows writing files outside destination directoryEPSS 0.6%CVE-2025-41368HIGHMultiple vulnerabilities in Small HTTP server by SmallsrvEPSS 0.6%CVE-2026-30580MEDIUMFile Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the appEPSS 0.6%CVE-2022-34762MEDIUMA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized EPSS 0.6%CVE-2026-27886CRITICALStrapi may leak sensitive data via relational filtering due to lack of query sanitizationEPSS 0.6%