Weaknesses of type CWE-22
4,832 resultsCVE-2025-6866MEDIUMcode-projects Simple Forum forum_downloadfile.php path traversalEPSS 0.4%CVE-2024-57777MEDIUMDirectory Traversal vulnerability in Ianproxy v.0.1 and before allows a remote attacker to obtain sensitive informationEPSS 0.4%CVE-2025-60223HIGHWordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2024-37423HIGHWordPress Newspack Blocks plugin <= 3.0.8 - Contributor+ Arbitrary Directory Deletion vulnerabilityEPSS 0.4%CVE-2025-7359HIGHCounter live visitors for WooCommerce <= 1.3.6 - Unauthenticated Arbitrary File Deletion in wcvisitor_get_blockEPSS 0.4%CVE-2026-56054HIGHWordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2026-34523MEDIUMSillyTavern: Path traversal allows file existence oracleEPSS 0.4%CVE-2026-7588MEDIUMggerve coding-standards-mcp server.py get_best_practices path traversalEPSS 0.4%CVE-2026-7589MEDIUMghantakiran splunk-mcp-integration CSV Export csv_export.py create_csv_export path traversalEPSS 0.4%CVE-2025-49138MEDIUMHAX CMS vulnerable to Local File Inclusion via saveOutline API Location ParameterEPSS 0.4%CVE-2026-5014MEDIUMelecV2 elecV2P Wildcard log path.join path traversalEPSS 0.4%CVE-2026-7237MEDIUMAgiFlow scaffold-mcp write-to-file Tool index.ts path traversalEPSS 0.4%CVE-2025-4511MEDIUMvector4wang spring-boot-quick quick-img2txt Img2TxtController.java ResponseEntity path traversalEPSS 0.4%CVE-2025-31554MEDIUMWordPress Docxpresso plugin <= 2.6 - Arbitrary File Download vulnerabilityEPSS 0.4%CVE-2026-52726HIGHDulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payloadEPSS 0.4%CVE-2025-47513MEDIUMWordPress Infocob CRM Forms plugin <= 2.4.0 - Arbitrary File Download vulnerabilityEPSS 0.4%CVE-2025-13972MEDIUMWatchTowerHQ <= 3.16.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' ParameterEPSS 0.4%CVE-2025-10283CRITICALImproper .git Sanitization in gitdumper Enables RCEEPSS 0.4%CVE-2025-59384HIGHQfilingEPSS 0.4%CVE-2024-33869MEDIUMAn issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript docuEPSS 0.4%