Weaknesses of type CWE-22

4,828 results
CVE-2026-33344HIGHDagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAGEPSS 0.5%CVE-2025-48940HIGHMyBB's upgrade component vulnerable to local file inclusionEPSS 0.5%CVE-2026-34591HIGHPoetry Has Wheel Path Traversal Which Can Lead to Arbitrary File WriteEPSS 0.5%CVE-2026-30462MEDIUMA path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.EPSS 0.5%CVE-2024-54909HIGHA vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoEPSS 0.5%CVE-2025-28055HIGHupset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilitEPSS 0.5%CVE-2025-27283MEDIUMWordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Download vulnerabilityEPSS 0.5%CVE-2026-22334HIGHWordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerabilityEPSS 0.5%CVE-2025-3021HIGHPath Traversal vulnerability in e-management of e-solutionsEPSS 0.5%CVE-2026-6636MEDIUMp2r3 convert API buildCache.js Bun.serve path traversalEPSS 0.5%CVE-2026-9690HIGHWordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerabilityEPSS 0.5%CVE-2020-3236MEDIUMCisco Enterprise NFV Infrastructure Software Path Traversal VulnerabilityEPSS 0.5%CVE-2025-69131HIGHWordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Download vulnerabilityEPSS 0.5%CVE-2025-33035HIGHFile Station 5EPSS 0.5%CVE-2026-7680MEDIUMjsbroks COCO Annotator Data Endpoint datasets.py path traversalEPSS 0.5%CVE-2026-1549MEDIUMjishenghua jshERP PluginController uploadPluginConfigFile path traversalEPSS 0.5%CVE-2025-39568HIGHWordPress StoreContrl Woocommerce plugin <= 4.1.3 - Arbitrary File Download VulnerabilityEPSS 0.5%CVE-2025-33032MEDIUMQTS, QuTS heroEPSS 0.5%CVE-2025-4175MEDIUMAlanBinu007 Spring-Boot-Advanced-Projects Upload Profile API Endpoint UserProfileController.java uploadUserProfileImage path traversalEPSS 0.5%CVE-2025-54659MEDIUMAn Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAREPSS 0.5%