Weaknesses of type CWE-22
4,827 resultsCVE-2026-6615MEDIUMTransformerOptimus SuperAGI Multipart Upload resources.py upload path traversalEPSS 0.5%CVE-2024-55970HIGHFile Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue that is related to the request parameter, aEPSS 0.5%CVE-2026-25525MEDIUMOpenMage LTS has Path Traversal Filter Bypass in Dataflow ModuleEPSS 0.5%CVE-2025-30596MEDIUMWordPress include-file plugin <= 1 - Arbitrary File Download VulnerabilityEPSS 0.5%CVE-2024-55513CRITICALA vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netactioEPSS 0.5%CVE-2025-31800MEDIUMWordPress Publitio plugin <= 2.2.0 - Arbitrary File Read vulnerabilityEPSS 0.5%CVE-2026-33528MEDIUMGoDoxy has a Path Traversal Vulnerability in its File APIEPSS 0.5%CVE-2025-53110HIGHModel Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path PrefixEPSS 0.5%CVE-2024-9575HIGHLocal File Inclusion in pretix-widget WordPress pluginEPSS 0.5%CVE-2025-2493HIGHPath Traversal vulnerability in Softdial Contact CenterEPSS 0.5%CVE-2026-8442HIGHWP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' ParameterEPSS 0.5%CVE-2024-39688MEDIUMfishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config functionEPSS 0.5%CVE-2018-3770—A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the locEPSS 0.5%CVE-2026-7784MEDIUMRTGS2017 NagaAgent Skills Endpoint extensions.py path traversalEPSS 0.5%CVE-2024-55401MEDIUMAn issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.EPSS 0.5%CVE-2024-41726HIGHPath traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary eEPSS 0.5%CVE-2026-49128HIGHMusic Player Daemon < 0.24.11 Path Traversal via LocalStorage URI HandlingEPSS 0.5%CVE-2025-26752HIGHWordPress VideoWhisper Live Streaming Integration plugin <= 6.2 - Arbitrary File Deletion vulnerabilityEPSS 0.5%CVE-2025-29787HIGHzip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File WriteEPSS 0.5%CVE-2026-25869MEDIUMMiniGal Nano <= 0.3.5 Path Traversal via dir ParameterEPSS 0.5%