Weaknesses of type CWE-22
4,857 resultsCVE-2022-3101—A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restEPSS 0.2%CVE-2022-20850MEDIUMCisco SD-WAN Arbitrary File Deletion VulnerabilityEPSS 0.2%CVE-2024-38358LOWSymlink bypasses filesystem sandbox in wasmerEPSS 0.2%CVE-2025-43382MEDIUMA parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.2,EPSS 0.2%CVE-2023-31427HIGHKnowledge of full path nameEPSS 0.2%CVE-2022-3146—A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restEPSS 0.2%CVE-2025-43463MEDIUMA parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.3,EPSS 0.2%CVE-2026-26972MEDIUMOpenClaw has a Path Traversal in Browser Download FunctionalityEPSS 0.2%CVE-2026-0270MEDIUMCortex XSOAR: Path Traversal VulnerabilityEPSS 0.2%CVE-2026-35206MEDIUMHelm Chart extraction output directory collapse via `Chart.yaml` name dot-segmentEPSS 0.2%CVE-2026-42080MEDIUMPPTAgent: Arbitrary File Write via `save_generated_slides`EPSS 0.2%CVE-2026-14967LOWPath traversal in github_workflows allows writing artifacts outside output directoryEPSS 0.2%CVE-2026-42078MEDIUMPPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_imageEPSS 0.2%CVE-2023-21448MEDIUMPath traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file.EPSS 0.2%CVE-2025-54658HIGHAn Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's OutlooEPSS 0.2%CVE-2026-13426MEDIUMClient4 fails to validate path parametersEPSS 0.2%CVE-2026-42448LOWwormhole receive, with --output pointing at an existing directory can be path-traversedEPSS 0.2%CVE-2024-32944LOWPath traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer EPSS 0.2%CVE-2024-45401HIGHstripe-cli Path Traversal vulnerabilityEPSS 0.2%CVE-2026-41433HIGHOpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIREPSS 0.2%