Weaknesses of type CWE-22

4,827 results
CVE-2023-47679MEDIUMWordPress Qi Addons For Elementor plugin <= 1.6.3 - Local File Inclusion vulnerabilityEPSS 0.5%CVE-2026-2421MEDIUMilGhera Carta Docente for WooCommerce <= 1.5.0 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' ParameterEPSS 0.5%CVE-2024-36267HIGHPath traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. If this vulnerability is exploited, a logged-in user mayEPSS 0.5%CVE-2024-11833HIGHArbitrary Directory Write via Runbooks Artifact UploadEPSS 0.5%CVE-2024-11834HIGHArbitrary File Write via PTRAC ImportEPSS 0.5%CVE-2024-39651HIGHWordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Arbitrary File Deletion vulnerabilityEPSS 0.5%CVE-2026-49982HIGHtmp: Type-confusion bypass of _assertPath in tmp@0.2.6 allows path traversal via non-string prefix/postfix/templateEPSS 0.5%CVE-2025-27932HIGHImproper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage EPSS 0.5%CVE-2022-46492MEDIUMnbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/EPSS 0.5%CVE-2023-49788HIGHImproper handling of browser-side provided input in richdocuments path handlingEPSS 0.5%CVE-2025-9217MEDIUMSlider Revolution <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images'EPSS 0.5%CVE-2026-44522HIGHNote Mark: Arbitrary File Write via Path Traversal in Asset Names Leading to Remote Code ExecutionEPSS 0.5%CVE-2025-7641HIGHAssistant for NextGEN Gallery <= 1.0.9 - Unauthenticated Arbitrary Directory DeletionEPSS 0.5%CVE-2026-41612MEDIUMVisual Studio Code Information Disclosure VulnerabilityEPSS 0.5%CVE-2026-41951HIGHPath traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the serveEPSS 0.5%CVE-2026-49465MEDIUMn8n: Git Node Clone and Push Operations Bypass File SandboxEPSS 0.5%CVE-2026-39847CRITICALEmmett has a path traversal in internal assets handlerEPSS 0.5%CVE-2025-58590MEDIUMPath traversalEPSS 0.5%CVE-2026-54352CRITICALBudibase: Arbitrary file read by workspace-builder via PWA-zip symlink uploadEPSS 0.5%CVE-2025-58591MEDIUMPath TraversalEPSS 0.5%