Weaknesses of type CWE-22

4,837 results
CVE-2026-33529LOWZoraxy: Authenticated Path Traversal in Config Import leads to RCEEPSS 0.4%CVE-2026-56445HIGHpydicom pynetdicom Library Path TraversalEPSS 0.4%CVE-2026-32805HIGHRomeo is vulnerable to Archive Slip due to missing checks in sanitizationEPSS 0.4%CVE-2026-32749HIGHSiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file writeEPSS 0.4%CVE-2026-49233HIGHRoutinator cache path traversal using rogue rsync URIsEPSS 0.4%CVE-2026-44340HIGHPraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`EPSS 0.4%CVE-2025-68476HIGHKEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account CredentialEPSS 0.4%CVE-2019-10934A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All veEPSS 0.4%CVE-2026-23889MEDIUMpnpm has Windows-specific tarball Path TraversalEPSS 0.4%CVE-2025-60242HIGHWordPress Download Counter plugin <= 1.4 - Arbitrary File Download vulnerabilityEPSS 0.4%CVE-2026-32731CRITICALApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip ExtractionEPSS 0.4%CVE-2026-33645HIGHFireshare has Path Traversal Arbitrary File Write in `/api/uploadChunked`EPSS 0.4%CVE-2026-32750MEDIUMSiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notesEPSS 0.4%CVE-2026-25499HIGHterraform-provider-proxmox has insecure sudo recommendation in the documentationEPSS 0.4%CVE-2026-28427MEDIUMOpenDeck affected by path traversal allows arbitrary file readEPSS 0.4%CVE-2026-7400MEDIUMgeekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversalEPSS 0.4%CVE-2026-55677HIGHEcho: Encoded slash (%2F) bypasses route-level protection and exposes static filesEPSS 0.4%CVE-2026-28676HIGHOpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operationsEPSS 0.4%CVE-2024-51453MEDIUMIBM Sterling Secure Proxy directory traversalEPSS 0.4%CVE-2024-32729HIGHWordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerabilityEPSS 0.4%