Weaknesses of type CWE-22

4,852 results
CVE-2025-48017CRITICALImproper Limitation of a Pathname to a Restricted DirectoryEPSS 0.4%CVE-2026-3089MEDIUMActual Sync Server 26.2.1 - Authenticated Path TraversalEPSS 0.4%CVE-2026-56122HIGHWinstone Servlet Engine 0.9.10 Path Traversal via HTTP Request PathsEPSS 0.4%CVE-2026-46486MEDIUMMobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processingEPSS 0.4%CVE-2023-49801MEDIUMLif Auth Server vulnerable to uncontrolled data in path expression EPSS 0.4%CVE-2026-39406MEDIUM@hono/node-server has a middleware bypass via repeated slashes in serveStaticEPSS 0.4%CVE-2025-54715MEDIUMWordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.9.0 - Arbitrary File Download VulnerabilityEPSS 0.4%CVE-2026-22677MEDIUMHermes WebUI < 0.51.44 Path Traversal via Session Import EndpointEPSS 0.4%CVE-2023-51651MEDIUMPotential URI resolution path traversal in the AWS SDK for PHPEPSS 0.4%CVE-2026-32847HIGHDeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.pyEPSS 0.4%CVE-2025-7108MEDIUMrisesoft-y9 Digital-Infrastructure Y9FileController.java deleteFile path traversalEPSS 0.4%CVE-2025-8151MEDIUMHT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File ActionsEPSS 0.4%CVE-2024-23773HIGHAn issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulEPSS 0.4%CVE-2026-53825HIGHOpenClaw < 2026.4.7 - Arbitrary Local File Read via memory-wiki Ingest with operator.write ScopeEPSS 0.4%CVE-2025-27397MEDIUMA vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit uEPSS 0.4%CVE-2026-23481MEDIUMBlinko: Authenticated Arbitrary File Write - saveAdditionalDevFileEPSS 0.4%CVE-2026-3339LOWKeep Backup Daily <= 2.1.1 - Authenticated (Admin+) Limited Path Traversal via 'kbd_path' ParameterEPSS 0.4%CVE-2026-30403HIGHThere is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, wEPSS 0.4%CVE-2026-47118HIGHAgent Zero < 1.15 Path Traversal File Read via image_get APIEPSS 0.4%CVE-2026-3345MEDIUMPath Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload EndpointEPSS 0.4%