Weaknesses of type CWE-22
4,838 resultsCVE-2025-29844MEDIUMA vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.EPSS 0.4%CVE-2025-29865HIGH: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TAGFREE X-Free Uploader XFU allows Path TrEPSS 0.4%CVE-2025-29845MEDIUMA vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.EPSS 0.4%CVE-2026-5597MEDIUMgriptape-ai griptape ComputerTool tool.py path traversalEPSS 0.4%CVE-2025-6281MEDIUMOpenBMB XAgent community path traversalEPSS 0.4%CVE-2026-28373CRITICALThe Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality wEPSS 0.4%CVE-2026-49957MEDIUMHermes WebUI < 0.51.296 Workspace Boundary Bypass via api/workspace.pyEPSS 0.4%CVE-2025-32209MEDIUMWordPress Total processing card payments for WooCommerce Plugin <= 7.1.5 - Arbitrary File Download vulnerabilityEPSS 0.4%CVE-2025-15487MEDIUMCode Explorer <= 1.4.6 - Authenticated (Administrator+) Arbitrary File Read via 'file' ParameterEPSS 0.4%CVE-2025-22397MEDIUMDell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and DEPSS 0.4%CVE-2026-31886CRITICALDagu has a Path Traversal via `dagRunId` in Inline DAG ExecutionEPSS 0.4%CVE-2024-47166LOWOne-level read path traversal in `/custom_component` in GradioEPSS 0.4%CVE-2026-3112MEDIUMArbitrary File Read via Advanced Logging Support PacketEPSS 0.4%CVE-2026-27442CRITICALzip_attachments Path TraversalEPSS 0.4%CVE-2025-65074HIGHOS Command Injection via Path Traversal in WaveStore ServerEPSS 0.4%CVE-2025-66302MEDIUMGrav vulnerable to Path Traversal allowing server files backupEPSS 0.4%CVE-2018-25144HIGHMicrohard Systems IPn4G 1.1.0 Arbitrary File Access via Undocumented System EditorEPSS 0.4%CVE-2026-25964MEDIUMTandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File ReadEPSS 0.4%CVE-2026-24687MEDIUMUmbraco.Forms has path traversal and file enumeration vulnerability in Linux/MacEPSS 0.4%CVE-2024-37825MEDIUMAn issue in EnvisionWare Computer Access & Reservation Control SelfCheck v1.0 (fixed in OneStop 3.2.0.27184 Hotfix May 2024) allows unauthenEPSS 0.4%