Weaknesses of type CWE-22
4,856 resultsCVE-2026-45775MEDIUMDiscourse: Cross-site backup access via path traversal in multisite local backupsEPSS 0.3%CVE-2021-35230MEDIUMUnquoted Path Vulnerability (SMB Login) in Kiwi CatToolsEPSS 0.3%CVE-2024-32163MEDIUMCMSeasy 7.7.7.9 is vulnerable to code execution.EPSS 0.3%CVE-2026-32055HIGHOpenClaw < 2026.2.26 - Workspace Path Boundary Bypass via Non-existent SymlinkEPSS 0.3%CVE-2026-44068HIGHEA path traversal via incomplete sanitizationEPSS 0.3%CVE-2026-11423CRITICALPath Traversal in Altium Enterprise Server Collaboration Service Allows Privilege EscalationEPSS 0.3%CVE-2026-44594HIGHesm.sh: Path Traversal via package.json browser field allows reading arbitrary server filesEPSS 0.3%CVE-2026-23521MEDIUMTraccar vulnerable to Path Traversal and External Control of File Name or PathEPSS 0.3%CVE-2026-8643MEDIUMpip can extract console_scripts and gui_scripts outside installation directoryEPSS 0.3%CVE-2026-35496MEDIUMA path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-lEPSS 0.3%CVE-2026-40090HIGHZarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File WriteEPSS 0.3%CVE-2026-35583MEDIUMEmissary has a Path Traversal via Blacklist Bypass in Configuration APIEPSS 0.3%CVE-2026-44647HIGHOneDev: Path Traversal (read capability via Git LFS pointer resolution)EPSS 0.3%CVE-2026-54394MEDIUMMISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG filesEPSS 0.3%CVE-2026-8811HIGHPath traversal in PDF generation moduleEPSS 0.3%CVE-2026-35484MEDIUMtext-generation-webui has a Path Traversal in load_preset() — .yaml file read without authenticationEPSS 0.3%CVE-2025-14293MEDIUMWP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File ReadEPSS 0.3%CVE-2025-68002MEDIUMWordPress Open User Map plugin <= 1.4.16 - Arbitrary File Download vulnerabilityEPSS 0.3%CVE-2021-29088HIGHImproper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) beforeEPSS 0.3%CVE-2026-42564HIGHjotty·page: Unauthenticated Path Traversal leads to sensitive file disclosure and session-token reuse impactEPSS 0.3%