Weaknesses of type CWE-22

4,723 results
CVE-2023-35844 [HIGH] packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ens (EPSS 6.3%)
CVE-2024-45711 [HIGH] SolarWinds Serv-U FTP Service Directory Traversal Remote Code Execution Vulnerability (EPSS 6.3%)
CVE-2024-33605 [HIGH] Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affecte (EPSS 6.2%)
CVE-2017-16744 A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Micros (EPSS 6.2%)
CVE-2021-28588 [HIGH] Adobe RoboHelp Server folderId Directory Traversal Remote Code Execution Vulnerability (EPSS 6.2%)
CVE-2025-68145 [MEDIUM] mcp-server-git has missing path validation when using --repository flag (EPSS 6.2%)
CVE-2018-10870 [CRITICAL] redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrit (EPSS 6.2%)
CVE-2020-29495 [CRITICAL] DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticat (EPSS 6.2%)
CVE-2013-1891 In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed. (EPSS 6.1%)
CVE-2024-31849 [CRITICAL] A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which c (EPSS 6.1%)
CVE-2024-50322 [HIGH] Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthent (EPSS 6.0%)
CVE-2026-38360 [CRITICAL] Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via (EPSS 6.0%)
CVE-2026-20180 [CRITICAL] Cisco Identity Services Engine Multiple Remote Code Execution Vulnerability (EPSS 6.0%)
CVE-2018-1002209 QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip (EPSS 5.9%)
CVE-2022-26500 [HIGH] Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to inte (EPSS 5.9%, KEV)
CVE-2021-24970 All-In-One-Gallery < 2.5.0 - Admin+ Local File Inclusion (EPSS 5.9%)
CVE-2017-6636 A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated (EPSS 5.9%)
CVE-2022-3782 [CRITICAL] keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redir (EPSS 5.8%)
CVE-2024-23479 [CRITICAL] SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability (EPSS 5.8%)
CVE-2022-24785 [HIGH] Path Traversal in Moment.js (EPSS 5.7%)