Weaknesses of type CWE-22
4,854 resultsCVE-2025-7452MEDIUMkone-net go-chat Endpoint file_controller.go GetFile path traversalEPSS 0.3%CVE-2025-62856LOWFile Station 5EPSS 0.3%CVE-2026-5344MEDIUMTextpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversalEPSS 0.3%CVE-2026-0704MEDIUMIn affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field EPSS 0.3%CVE-2025-61653LOWExtension:TextExtracts does not check for authorizeRead when returning extractsEPSS 0.3%CVE-2024-23772MEDIUMAn issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulEPSS 0.3%CVE-2026-42888MEDIUMAudiobookshelf: Path Traversal vulnerability in the audiobookshelf projectEPSS 0.3%CVE-2026-42275HIGHzrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/writeEPSS 0.3%CVE-2026-59149MEDIUMMockoon: Path traversal in templated `filePath` lets a request escape the served directory (prefix-only base check)EPSS 0.3%CVE-2025-35056MEDIUMNewforma Info Exchange (NIX) limited file readEPSS 0.3%CVE-2026-56273MEDIUMFlowise - Path Traversal in Vector Store basePath ParameterEPSS 0.3%CVE-2025-58769LOWauth0-PHP: Improper File Type Handling in Bulk User ImportEPSS 0.3%CVE-2026-27884MEDIUMNetExec vulnerable to arbitrary file write via path traversal in spider_plus moduleEPSS 0.3%CVE-2026-25766MEDIUMEcho has a Windows path traversal via backslash in middleware.Static default filesystemEPSS 0.3%CVE-2026-32567MEDIUMWordPress YML for Yandex Market plugin < 5.3.0 - Arbitrary File Deletion vulnerabilityEPSS 0.3%CVE-2025-53080HIGHImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated aEPSS 0.3%CVE-2025-65075MEDIUMArbitrary File Read and Delete via Path Traversal in WaveStore ServerEPSS 0.3%CVE-2025-69618HIGHAn arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite criticaEPSS 0.3%CVE-2025-69055MEDIUMWordPress BM Content Builder plugin < 3.16.3.3 - Arbitrary File Download vulnerabilityEPSS 0.3%CVE-2025-54748MEDIUMWordPress MapSVG Plugin < 8.6.12 - Arbitrary File Download VulnerabilityEPSS 0.3%