Weaknesses of type CWE-22

4,856 results
CVE-2026-44788MEDIUMSharpCompress: Directory traversal via directory entries in WriteToDirectory (zip slip variant)EPSS 0.3%CVE-2023-41973HIGHLack of input santization on Zscaler Client Connector enables arbitrary code executionEPSS 0.3%CVE-2025-61649LOWUserInfoCard: Check that performing user has permission to view log entries for number of past blocksEPSS 0.3%CVE-2026-39305CRITICALArbitrary File Write / Path Traversal in Action OrchestratorEPSS 0.3%CVE-2017-20102MEDIUMAlbum Lock getImage path traversalEPSS 0.3%CVE-2026-30848MEDIUMParse Server: `PagesRouter` path traversal allows reading files outside configured pages directoryEPSS 0.3%CVE-2024-44255HIGHA path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 1EPSS 0.3%CVE-2026-42593MEDIUMGotenberg: Arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routesEPSS 0.3%CVE-2026-21851MEDIUMMONAI has Path Traversal (Zip Slip) in NGC Private Bundle DownloadEPSS 0.3%CVE-2020-25243MEDIUMA vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). A zip slip vulnerability could be triggered while importingEPSS 0.3%CVE-2018-25194HIGHNominas 0.27 SQL Injection via username ParameterEPSS 0.3%CVE-2026-40152MEDIUMPraisonAIAgents has a Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace BoundaryEPSS 0.3%CVE-2026-41211HIGH`vite-plus/binding` has path traversal `downloadPackageManager()` that leads to writes outside of `VP_HOME`EPSS 0.3%CVE-2026-24049HIGHwheel Allows Arbitrary File Permission Modification via Path TraversalEPSS 0.3%CVE-2022-29836LOWPost-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP APIEPSS 0.3%CVE-2026-44973HIGHBilly: Path traversal vulnerabilitiesEPSS 0.3%CVE-2026-4542MEDIUMSSCMS layerImage Endpoint LayerImageController.Submit.cs path traversalEPSS 0.3%CVE-2026-41690HIGHPrototype pollution and path traversal in i18next-http-middleware via user-controlled language and namespace parametersEPSS 0.3%CVE-2025-8054HIGHPath Traversal vulnerability have been discovered in OpenText™ XM Fax.EPSS 0.3%CVE-2026-30915MEDIUMSFTPGo improperly sanitizes placeholders in group home directories/key prefixesEPSS 0.3%