Weaknesses of type CWE-22

4,836 results
CVE-2026-35050CRITICALtext-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at "Session -> Save extention settings to user_data/settings.yaml".EPSS 0.4%CVE-2026-4222MEDIUMSSCMS download PathUtils.RemoveParentPath path traversalEPSS 0.4%CVE-2025-36236HIGHAIX Path TraversalEPSS 0.4%CVE-2026-9467MEDIUMdebugmcp mcp-debugger server.ts handleGetSourceContext path traversalEPSS 0.4%CVE-2026-24123HIGHBentoML has a Path Traversal via Bentofile ConfigurationEPSS 0.4%CVE-2026-14635MEDIUMkirilkirkov Ecommerce-CodeIgniter-Bootstrap Vendor Multi-Image Endpoint AddProduct.php path traversalEPSS 0.4%CVE-2024-54535MEDIUMA path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, EPSS 0.4%CVE-2026-26202HIGHPenpot has Arbitrary File Read via create-font-variant RPC endpointEPSS 0.4%CVE-2026-39938CRITICALCacti: Unauthenticated RCE on Graph ImageEPSS 0.4%CVE-2026-28679HIGHHomeGallery: Path Traversal (Arbitrary File Read)EPSS 0.4%CVE-2025-54162MEDIUMFile Station 5EPSS 0.4%CVE-2026-23851HIGHSiYuan Vulnerable to Arbitrary File Read via File Copy FunctionalityEPSS 0.4%CVE-2026-36762HIGHAn issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload perEPSS 0.4%CVE-2026-50003CRITICALOFFIS DCMTK Toolkit Path TraversalEPSS 0.4%CVE-2025-1357MEDIUMSeventh D-Guard HTTP GET Request path traversalEPSS 0.4%CVE-2025-46486MEDIUMWordPress Nomupay Payment Processing Gateway plugin <= 7.1.7 - Arbitrary File Download VulnerabilityEPSS 0.4%CVE-2025-57712MEDIUMQsync CentralEPSS 0.4%CVE-2025-53363MEDIUMDpanel has an arbitrary file read vulnerabilityEPSS 0.4%CVE-2024-32111MEDIUMWordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerabilityEPSS 0.4%CVE-2026-32805HIGHRomeo is vulnerable to Archive Slip due to missing checks in sanitizationEPSS 0.4%