Weaknesses of type CWE-22
4,856 resultsCVE-2025-69267HIGHSpectrum directory path traversalEPSS 0.3%CVE-2024-53566MEDIUMAn issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to executEPSS 0.3%CVE-2026-41693HIGHi18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwriteEPSS 0.3%CVE-2026-7185MEDIUMUnauthorized access to files in T-Systems productsEPSS 0.3%CVE-2026-56448HIGHAuthenticated Path Traversal in AIL Framework Investigation Downloads Allows Arbitrary File ReadEPSS 0.3%CVE-2025-42970MEDIUMDirectory Traversal vulnerability in SAPCAREPSS 0.3%CVE-2026-34451MEDIUMClaude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling DirectoriesEPSS 0.3%CVE-2026-54286MEDIUMHono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)EPSS 0.3%CVE-2026-55092HIGHTrivy: Path traversal via a crafted vulnerability database or other downloaded artifactsEPSS 0.3%CVE-2026-2216MEDIUMrachelos WeRSS we-mp-rss tools.py download_export_file path traversalEPSS 0.3%CVE-2026-32262MEDIUMCraft CMS has a Path Traversal Vulnerability in AssetsControllerEPSS 0.3%CVE-2026-39306HIGHPraisonAI recipe registry pull path traversal writes files outside the chosen output directoryEPSS 0.3%CVE-2025-36597MEDIUMDell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path TraveEPSS 0.3%CVE-2024-40712HIGHA path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege esEPSS 0.3%CVE-2026-27800HIGHZed has Zip Slip Path Traversal in Extension Archive ExtractionEPSS 0.3%CVE-2025-6210MEDIUMHardlink-Based Path Traversal in run-llama/llama_indexEPSS 0.3%CVE-2025-49089MEDIUMwangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/download/ URIs such as /api/v1/download//etc/passwd.EPSS 0.3%CVE-2025-65076HIGHArbitrary File Read and Delete via Path Traversal in WaveStore ServerEPSS 0.3%CVE-2026-46397MEDIUMhaxcms-php Local File Inclusion via saveOutline API Location Parameter v2.0EPSS 0.3%CVE-2026-26960HIGHnode-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in ExtractionEPSS 0.3%