Weaknesses of type CWE-22
4,846 resultsCVE-2026-53571HIGHVite: `server.fs.deny` bypass on Windows alternate pathsEPSS 0.4%CVE-2026-1810MEDIUMbolo-blog bolo-solo ZIP File BackupService.java unpackFilteredZip path traversalEPSS 0.4%CVE-2020-3588HIGHCisco Webex Meetings Desktop App Arbitrary Code Execution VulnerabilityEPSS 0.4%CVE-2026-43624HIGHF5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project()EPSS 0.4%CVE-2026-25062MEDIUMOutline Affected an Arbitrary File Read via Path Traversal in JSON ImportEPSS 0.4%CVE-2025-5880MEDIUMWhistle get-temp-file path traversalEPSS 0.4%CVE-2026-41589CRITICALWish has SCP Path Traversal that allows arbitrary file read/writeEPSS 0.4%CVE-2025-59819MEDIUMAuthenticated Arbitrary File Read via filepath parameterEPSS 0.4%CVE-2024-24579MEDIUMTar path traversal in stereoscope when processing OCI tar archivesEPSS 0.4%CVE-2026-44373MEDIUMNitro: Proxy scope bypass via percent-encoded path traversal in `routeRules`EPSS 0.4%CVE-2026-41193CRITICALFreeScout has Zip Slip path traversal in module installation that allows arbitrary file write leading to RCEEPSS 0.4%CVE-2024-9675HIGHBuildah: buildah allows arbitrary directory mountEPSS 0.4%CVE-2025-24765HIGHWordPress Image Shadow plugin <= 1.1.0 - Arbitrary File Deletion VulnerabilityEPSS 0.4%CVE-2026-45279MEDIUMNextcloud: Limited path traversal via template API if using `{lang}` in configEPSS 0.4%CVE-2026-24717LOWQTS, QuTS heroEPSS 0.4%CVE-2026-22685HIGHDevToys Path Traversal (“Zip Slip”) Vulnerability in DevToys Extension InstallationEPSS 0.4%CVE-2026-35605MEDIUMFile Browser has an access rule bypass via HasPrefix without trailing separator in path matchingEPSS 0.4%CVE-2025-59381MEDIUMQTS, QuTS heroEPSS 0.4%CVE-2025-28980HIGHWordPress Aviation Weather from NOAA plugin <= 0.7.2 - Arbitrary File Deletion VulnerabilityEPSS 0.4%CVE-2026-6282HIGHA potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remoteEPSS 0.4%