Weaknesses of type CWE-22
4,846 resultsCVE-2026-13054HIGHWatchGuard Firebox Arbitrary File Write via Path Traversal in Management Web UIEPSS 0.4%CVE-2025-65838HIGHPublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.EPSS 0.4%CVE-2025-8562MEDIUMCustom Query Shortcode <= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens ParameterEPSS 0.4%CVE-2026-32719MEDIUMAnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin ImportEPSS 0.4%CVE-2026-2552MEDIUMZenTao Editor control.php delete path traversalEPSS 0.4%CVE-2026-30973MEDIUMZip Slip arbitrary file write in @appium/support ZIP extractionEPSS 0.4%CVE-2026-41493MEDIUMyard: Possible arbitrary path traversal and file access via yard serverEPSS 0.4%CVE-2026-32758MEDIUMFile Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination ParameterEPSS 0.4%CVE-2026-41917MEDIUMOpenKM 6.3.12 Local File Inclusion via Admin ScriptingEPSS 0.4%CVE-2025-3356HIGHIBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operationsEPSS 0.4%CVE-2026-31156MEDIUMA path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_geneEPSS 0.4%CVE-2026-40180HIGHZip Slip Path Traversal in quarkus-openapi-generator ApicurioCodegenWrapper classEPSS 0.4%CVE-2025-10777MEDIUMJSC R7 R7-Office Document Server downloadas path traversalEPSS 0.4%CVE-2026-25152MEDIUM@backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local GeneratorEPSS 0.4%CVE-2026-42353HIGHPath traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parametersEPSS 0.4%CVE-2025-54021HIGHWordPress Simple File List plugin <= 6.1.14 - Arbitrary File Download vulnerabilityEPSS 0.4%CVE-2026-33949HIGH@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary filesEPSS 0.4%CVE-2025-4530MEDIUMfeng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversalEPSS 0.4%CVE-2026-45807HIGHKestra: Path traversal via URL-encoded "%2E%2E" in execution and namespace file endpoints allows arbitrary file readEPSS 0.4%CVE-2025-53081MEDIUMAn 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on thEPSS 0.4%