Weaknesses of type CWE-22

4,856 results
CVE-2025-66206MEDIUMFrappe vulnerable to a path traversal allowing reading certain filesEPSS 0.3%CVE-2024-47263MEDIUMAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in SynEPSS 0.3%CVE-2026-45571MEDIUMgo-git: Crafted repositories may modify main and submodule .git directoriesEPSS 0.3%CVE-2018-10501This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. AnEPSS 0.3%CVE-2025-29213MEDIUMA zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a EPSS 0.3%CVE-2026-6957HIGHPath traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.EPSS 0.3%CVE-2026-7807HIGHSmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} APIEPSS 0.3%CVE-2026-14468HIGHPath traversal allows arbitrary file read in Terraform Enterprise containerEPSS 0.3%CVE-2026-48944MEDIUMJoomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26EPSS 0.3%CVE-2026-42679MEDIUMWordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerabilityEPSS 0.3%CVE-2026-13509MEDIUMRAGapp Knowledge File files.py FileHandler.remove_file path traversalEPSS 0.3%CVE-2024-12425LOWPath traversal leading to arbitrary .ttf file writeEPSS 0.3%CVE-2026-7445MEDIUMZachHandley ZMCPTools MCP Log Resource ResourceManager.ts path traversalEPSS 0.3%CVE-2026-7599MEDIUMDayoooun hwpx-mcp MCP index.ts export_to_html path traversalEPSS 0.3%CVE-2026-7728MEDIUMryanjoachim mcp-rtfm MCP update_doc path traversalEPSS 0.3%CVE-2026-57321HIGHWordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vulnerabilityEPSS 0.3%CVE-2026-41140LOWPoetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4EPSS 0.3%CVE-2024-9597HIGHPath Traversal in parisneo/lollmsEPSS 0.3%CVE-2026-6961HIGHCVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation syncEPSS 0.3%CVE-2025-61647LOWUserInfoCard: Don't allow access to information about users who are suppressed if you don't have suppressor rightsEPSS 0.3%