Weaknesses of type CWE-22

4,840 results
CVE-2025-52574HIGHSysmonElixir path traversal in /read endpoint allows arbitrary file readEPSS 0.4%CVE-2026-33227MEDIUMApache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ: Improper Limitation of a Pathname to a Restricted Classpath DirectoryEPSS 0.4%CVE-2026-44243HIGHGitPython: Path traversal in GitPython reference APIs allows arbitrary file write and delete outside the repositoryEPSS 0.4%CVE-2026-7519MEDIUMFujian Apex LiveBOS Endpoint UploadImage.do path traversalEPSS 0.4%CVE-2024-13991HIGHHuijietong Cloud Video Platform fileDownload Arbitrary File ReadEPSS 0.4%CVE-2026-7594MEDIUMFlux159 mcp-game-asset-gen MCP index.ts image_to_3d_async path traversalEPSS 0.4%CVE-2026-33238MEDIUMAVideo has a Path Traversal in listFiles.json.php that Enables Server Filesystem EnumerationEPSS 0.4%CVE-2026-7811MEDIUM54yyyu code-mcp MCP File server.py is_safe_path path traversalEPSS 0.4%CVE-2026-32885MEDIUMDDEV has ZipSlip path traversal in tar and zip archive extractionEPSS 0.4%CVE-2026-7384MEDIUMezequiroga mcp-bases research_server.py search_papers path traversalEPSS 0.4%CVE-2026-31978MEDIUMmotionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview EndpointEPSS 0.4%CVE-2026-58015MEDIUMGlib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receiveEPSS 0.4%CVE-2025-66428HIGHAn issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation.EPSS 0.4%CVE-2025-11607MEDIUMharry0703 MoneyPrinterTurbo API Endpoint music.py upload_music path traversalEPSS 0.4%CVE-2026-49136HIGHBanana Slides 0.4.0 Path Traversal via generate_image() in ai_service.pyEPSS 0.4%CVE-2026-1812MEDIUMbolo-blog bolo-solo Filename BackupService.java importFromCnblogs path traversalEPSS 0.4%CVE-2025-5029MEDIUMKingdee Cloud Galaxy Private Cloud BBC System File deleteFileAction.jhtml path traversalEPSS 0.4%CVE-2026-41370HIGHOpenClaw < 2026.3.31 - Path Traversal via Inbound Channel Attachment Path in ACP DispatchEPSS 0.4%CVE-2023-41888MEDIUMPhishing through a login page malicious URL in GLPIEPSS 0.4%CVE-2025-46527MEDIUMWordPress Web3Press – Decentralize Publishing with Writing NFT plugin <= 3.2.0 - Arbitrary File Read vulnerabilityEPSS 0.4%