Weaknesses of type CWE-22
4,840 resultsCVE-2026-7212MEDIUMedvardlindelof notes-mcp notes_mcp.py path traversalEPSS 0.4%CVE-2026-7314MEDIUMeiceblue spire-doc-mcp-server base.py get_doc_path path traversalEPSS 0.4%CVE-2026-7398MEDIUMflorensiawidjaja BioinfoMCP Upload Endpoint app.py upload path traversalEPSS 0.4%CVE-2026-34522HIGHSillyTavern: Path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directoryEPSS 0.4%CVE-2026-7315MEDIUMeiceblue spire-pdf-mcp-server PDF File server.py get_pdf_path path traversalEPSS 0.4%CVE-2026-7810MEDIUMUsamaK98 python-notebook-mcp server.py add_cell path traversalEPSS 0.4%CVE-2025-49303MEDIUMWordPress Frontend Admin by DynamiApps plugin <= 3.28.7 - Arbitrary File Download VulnerabilityEPSS 0.4%CVE-2026-7214MEDIUMeghuzefa engineer-your-data server.py file_inf path traversalEPSS 0.4%CVE-2024-55926HIGHArbitrary file upload, deletion and read through header manipulationEPSS 0.4%CVE-2026-21726MEDIUMLoki Path Traversal - CVE-2021-36156 BypassEPSS 0.4%CVE-2026-52844HIGHCaddy: Windows `file_server` path authorization bypass via encoded backslashEPSS 0.4%CVE-2026-28453HIGHOpenClaw < 2026.2.14 - Zip Slip Path Traversal in TAR Archive ExtractionEPSS 0.4%CVE-2025-10233MEDIUMkalcaddle kodbox editor.class.php fileSave path traversalEPSS 0.4%CVE-2026-23939MEDIUMPath Traversal in Local File Store BackendEPSS 0.4%CVE-2026-48544HIGHTaipy 4.1.1 Path Traversal via ElementLibrary.get_resource()EPSS 0.4%CVE-2025-37144MEDIUMAuthenticated Arbitrary File Download Vulnerabilities in a Low-Level Interface Library Affecting AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management InterfaceEPSS 0.4%CVE-2025-37145MEDIUMAuthenticated Arbitrary File Download Vulnerabilities in a Low-Level Interface Library Affecting AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management InterfaceEPSS 0.4%CVE-2026-26329HIGHOpenClaw has a path traversal in browser upload allows local file readEPSS 0.4%CVE-2026-24741HIGHConvertX Vulnerable to Arbitrary File Deletion via Path Traversal in `POST /delete`EPSS 0.4%CVE-2026-7086MEDIUMHBAI-Ltd Toonflow-app Storyboard Export replaceUrl.ts updateStoryboardUrl path traversalEPSS 0.4%