Weaknesses of type CWE-22
4,845 resultsCVE-2022-46305MEDIUMChangingTec ServiSign - Path TraversalEPSS 0.4%CVE-2025-60024HIGHMultiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] vulnerability in Fortinet EPSS 0.4%CVE-2025-5385MEDIUMJeeWMS cgformTemplateController.do doAdd path traversalEPSS 0.4%CVE-2025-66300HIGHGrav is vulnerable to Arbitrary File ReadEPSS 0.4%CVE-2026-7182CRITICALPath Traversal in DiagramEPSS 0.4%CVE-2026-7547MEDIUMWoosa <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read via 'log_file' ParameterEPSS 0.4%CVE-2026-3474MEDIUMEmailKit <= 1.6.3 - Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API ParameterEPSS 0.4%CVE-2023-25341MEDIUMA Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible toEPSS 0.4%CVE-2021-47979HIGHWordPress Plugin Backup and Restore 1.0.3 Arbitrary File DeletionEPSS 0.4%CVE-2026-33027MEDIUMNginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration DirectoryEPSS 0.4%CVE-2026-5331MEDIUMOpenCart Extension Installer installer.php path traversalEPSS 0.4%CVE-2025-7575MEDIUMZavy86 WikiDocs submit.php image_delete_ajax path traversalEPSS 0.4%CVE-2026-23888MEDIUMpnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)EPSS 0.4%CVE-2025-7518MEDIUMRSFirewall! <= 1.1.42 - Authenticated (Admin+) Arbitrary File ReadEPSS 0.4%CVE-2025-40592MEDIUMA vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), MEPSS 0.4%CVE-2026-42315HIGHpyLoad: Path Traversal via Package Folder Name in set_package_dataEPSS 0.4%CVE-2025-57753MEDIUMvite-plugin-static-copy files not included in `src` are accessible with a crafted requestEPSS 0.4%CVE-2025-59566HIGHWordPress Workreap (theme's plugin) plugin <= 3.3.5 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2026-42129HIGHPath Traversal in Loki Datasource leads to Internal Information DisclosureEPSS 0.4%CVE-2026-43870HIGHApache Thrift: Node.js web_server.js multi-vulnerabilityEPSS 0.4%