Weaknesses of type CWE-22
4,852 resultsCVE-2026-2863MEDIUMfeng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java deleteFile path traversalEPSS 0.4%CVE-2025-14413HIGHSoda PDF Desktop CBZ File Parsing Directory Traversal Remote Code Execution VulnerabilityEPSS 0.4%CVE-2026-28705MEDIUMGitea repository dumps write release assets using unsafe path namesEPSS 0.4%CVE-2022-28541MEDIUMUncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as SamEPSS 0.4%CVE-2025-53375MEDIUMDokploy allows attackers to read any file that the Traefik process user can accessEPSS 0.4%CVE-2026-43888HIGHOutline: Zip Extraction Path Escape via PATH_MAX Truncation in Collection ImportEPSS 0.4%CVE-2024-3318MEDIUMSailPoint Identity Security Cloud Connector File Path Traversal VulnerabilityEPSS 0.4%CVE-2023-5327LOWSATO CL4NX-J Plus path traversalEPSS 0.4%CVE-2026-6591MEDIUMComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversalEPSS 0.4%CVE-2024-57186MEDIUMIn Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-fileEPSS 0.4%CVE-2026-20916HIGHBIG-IQ iControl REST vulnerabilityEPSS 0.4%CVE-2025-7450MEDIUMletseeqiji gorobbs API user.go ResetUserAvatar path traversalEPSS 0.4%CVE-2026-7676MEDIUMkerwincui FastBee Tool Download Endpoint ToolController.java ToolController.download path traversalEPSS 0.4%CVE-2026-6590MEDIUMComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversalEPSS 0.4%CVE-2026-6487MEDIUMQihui jtbc5 CMS Code Endpoint manage.php path traversalEPSS 0.4%CVE-2025-6453MEDIUMdiyhi bbs API ForumManageAction.java add path traversalEPSS 0.4%CVE-2026-32007HIGHOpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check BypassEPSS 0.4%CVE-2024-26292HIGHAuthenticated Arbitrary File Deletion affecting Avid NEXISEPSS 0.4%CVE-2026-32496MEDIUMWordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2022-4773LOWcloudsync LocalFilesystemConnector.java getItem path traversalEPSS 0.4%