Weaknesses of type CWE-22

4,852 results
CVE-2026-11720CRITICALPath Traversal in googleapis/mcp-toolbox HTTP Tool URL BuilderEPSS 0.4%CVE-2026-3345MEDIUMPath Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload EndpointEPSS 0.4%CVE-2026-52868HIGHOFFIS DCMTK Toolkit Path TraversalEPSS 0.4%CVE-2026-46484HIGHHeadplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/userEPSS 0.4%CVE-2025-0332HIGHProgress UI for WinForms decompression path traversal vulnerabilityEPSS 0.4%CVE-2025-63372MEDIUMArticentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing cEPSS 0.4%CVE-2026-6320HIGHSalon Booking System – Free Version <= 10.30.25 - Unauthenticated Arbitrary File Read via Booking File Field Path TraversalEPSS 0.4%CVE-2024-54489MEDIUMA path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura EPSS 0.4%CVE-2024-8510MEDIUMN-central Path TraversalEPSS 0.4%CVE-2025-0615MEDIUMInput validation vulnerability in Qualifio's Wheel of FortuneEPSS 0.4%CVE-2025-14727HIGHNGINX Ingress Controller vulnerabilityEPSS 0.4%CVE-2025-4893MEDIUMjammy928 CoinExchange_CryptoExchange_Java File Upload Endpoint UploadFileUtil.java uploadLocalImage path traversalEPSS 0.4%CVE-2026-29190MEDIUMKarapace: Path Traversal in Backup ReaderEPSS 0.4%CVE-2025-34238MEDIUMAdvantech WebAccess/VPN < 1.1.5 Path Traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction()EPSS 0.4%CVE-2025-0614MEDIUMInput validation vulnerability in Qualifio's Wheel of FortuneEPSS 0.4%CVE-2025-4868MEDIUMmerikbest ecommerce-spring-reactjs File Upload Endpoint admin path traversalEPSS 0.4%CVE-2026-45390CRITICALIn OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not dEPSS 0.4%CVE-2026-12211MEDIUMIntelbras iNVU 7016 FT Web syslog path traversalEPSS 0.4%CVE-2025-14420HIGHpdfforge PDF Architect CBZ File Parsing Directory Traversal Remote Code Execution VulnerabilityEPSS 0.4%CVE-2026-34604HIGH@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or JunctionsEPSS 0.4%