Weaknesses of type CWE-22

4,840 results
CVE-2025-13791MEDIUMScada-LTS Project Import ZIPProjectManager.java Common.getHomeDir path traversalEPSS 0.4%CVE-2018-0123A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to useEPSS 0.4%CVE-2025-3445HIGHA Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file coEPSS 0.4%CVE-2025-68649MEDIUMAn improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.EPSS 0.4%CVE-2026-8113MEDIUM8421bit MiniClaw executeSkillScript kernel.ts isPathInside path traversalEPSS 0.4%CVE-2026-40724MEDIUMWordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerabilityEPSS 0.4%CVE-2026-36767CRITICALA path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeablEPSS 0.4%CVE-2026-39369HIGHWWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLsEPSS 0.4%CVE-2025-14868HIGHCareer Section <= 1.6 - Cross-Site Request Forgery to Arbitrary File DeletionEPSS 0.4%CVE-2023-35812MEDIUMAn issue was discovered in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2, because of an incomplete fix for CVE-2019-6111EPSS 0.4%CVE-2023-39407The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.EPSS 0.4%CVE-2026-7149MEDIUMdexhunter kaggle-mcp server.py prepare_kaggle_dataset path traversalEPSS 0.4%CVE-2026-42520HIGHJenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing aEPSS 0.4%CVE-2025-70028HIGHAn issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SEPSS 0.4%CVE-2026-32747MEDIUMSiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and Docker secretsEPSS 0.4%CVE-2026-7216MEDIUMdonchelo processing-claude-mcp-bridge create_sketch Tool processing_server.py path traversalEPSS 0.4%CVE-2023-42961MEDIUMA path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS SEPSS 0.4%CVE-2026-7213MEDIUMef10007 MLOps_MCP save_file Tool fastmcp_server.py path traversalEPSS 0.4%CVE-2024-5040HIGHLCDS LAquis SCADA Path TraversalEPSS 0.4%CVE-2026-34522HIGHSillyTavern: Path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directoryEPSS 0.4%