Weaknesses of type CWE-22
4,856 resultsCVE-2026-30915MEDIUMSFTPGo improperly sanitizes placeholders in group home directories/key prefixesEPSS 0.3%CVE-2025-8054HIGHPath Traversal vulnerability have been discovered in OpenText™ XM Fax.EPSS 0.3%CVE-2026-1793MEDIUMElement Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File ReadEPSS 0.3%CVE-2026-48129MEDIUMKestra task inputFiles accepts traversal filenames for worker file writesEPSS 0.3%CVE-2026-9153MEDIUMArbitrary File Read in Rapid7 InsightConnect Sed PluginEPSS 0.3%CVE-2025-53505MEDIUMGroup-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulneraEPSS 0.3%CVE-2026-58173MEDIUMVibe-Trading < 0.1.10 - Path Traversal via Persistent Memory TypeEPSS 0.3%CVE-2025-15020MEDIUMGotham Block Extra Light <= 1.5.0 - Authenticated (Contributor+) Arbitrary File Read via 'ghostban' ShortcodeEPSS 0.3%CVE-2026-41180HIGHPsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restartEPSS 0.3%CVE-2026-41655MEDIUMAdmidio: Path Traversal in ECard Preview Allows Reading Arbitrary Server Files Including Database CredentialsEPSS 0.3%CVE-2026-47179HIGHArcane: Authenticated Arbitrary Host File Read via Docker Compose Include Directives in ArcaneEPSS 0.3%CVE-2026-39378MEDIUMnbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image EmbeddingEPSS 0.3%CVE-2022-36035HIGHFlux CLI Workload InjectionEPSS 0.3%CVE-2026-41419HIGH4ga Boards: Import Path Traversal Leads to Arbitrary File ReadEPSS 0.3%CVE-2024-25859HIGHA path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and exeEPSS 0.3%CVE-2026-44996MEDIUMOpenClaw < 2026.4.15 - Arbitrary Local File Read via Webchat Audio EmbeddingEPSS 0.3%CVE-2026-45565HIGHRoxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors)EPSS 0.3%CVE-2025-61654NONEUserInfoCard: Do permission checking when getting counts of global and local edits, new articles and thanksEPSS 0.3%CVE-2026-55201HIGHEvil-WinRM - Path Traversal in download_dir() FunctionEPSS 0.3%CVE-2023-33544MEDIUMhawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after deEPSS 0.3%