Weaknesses of type CWE-22
4,805 resultsCVE-2024-32778HIGHWordPress Contest Gallery plugin <= 21.3.4 - Arbitrary File Deletion vulnerabilityEPSS 0.6%CVE-2026-30580MEDIUMFile Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the appEPSS 0.6%CVE-2026-8755MEDIUMfishaudio Bert-VITS2 Model hiyoriUI.py _get_all_models path traversalEPSS 0.6%CVE-2024-3980CRITICALThe MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names
that are used in filesystEPSS 0.6%CVE-2025-54438CRITICALImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allowEPSS 0.6%CVE-2020-37214HIGHVoyager 1.3.0 - Directory TraversalEPSS 0.6%CVE-2026-46383MEDIUMMicrosoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`EPSS 0.6%CVE-2023-32974HIGHQTS, QuTS hero, QuTScloudEPSS 0.6%CVE-2026-8757MEDIUMadenhq hive Delete Request routes_sessions.py _read_events_tail path traversalEPSS 0.6%CVE-2022-3090HIGHRed Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and pEPSS 0.6%CVE-2026-44307HIGHMako: Path traversal via backslash URI on Windows in TemplateLookupEPSS 0.6%CVE-2025-67653MEDIUMAdvantech WebAccess/SCADA Path TraversalEPSS 0.6%CVE-2025-27395HIGHA vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit tEPSS 0.6%CVE-2026-26217CRITICALCrawl4AI < 0.8.0 Docker API Local File Inclusion via file URL HandlingEPSS 0.6%CVE-2024-37089CRITICALWordPress Consulting Elementor Widgets plugin <= 1.3.0 - Unauthenticated Local File Inclusion vulnerabilityEPSS 0.6%CVE-2025-27937HIGHQuick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If eEPSS 0.6%CVE-2025-67083MEDIUMDirectory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability EPSS 0.6%CVE-2024-52396MEDIUMWordPress WOLF plugin <= 1.0.8.3 - CSV Limited Path Traversal vulnerabilityEPSS 0.6%CVE-2025-65878HIGHThe warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanEPSS 0.6%CVE-2025-41035HIGHPath Traversal vulnerability in appRain CMFEPSS 0.6%