Weaknesses of type CWE-22

4,857 results
CVE-2025-11696HIGHStudio 5000 ® Simulation Interface SSRFEPSS 0.2%CVE-2026-24843HIGHmelange QEMU runner could write files outside workspace directoryEPSS 0.2%CVE-2026-43940HIGHelecterm: Path traversal in electerm runWidget leads to arbitrary code executionEPSS 0.2%CVE-2021-25361HIGHAn improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary EPSS 0.2%CVE-2025-22241MEDIUMCVE-2025-22241 salt advisoryEPSS 0.2%CVE-2026-35363MEDIUMuutils coreutils rm Safeguard Bypass via Improper Path NormalizationEPSS 0.2%CVE-2026-56377MEDIUMImageMagick - Policy Bypass via Incorrect Path ValidationEPSS 0.2%CVE-2026-6855HIGHInstructlab: instructlab: path traversal allows arbitrary directory creation and file writeEPSS 0.2%CVE-2016-20041HIGHYasr 0.6.9-5 Buffer Overflow via Command-line ParameterEPSS 0.2%CVE-2025-0542HIGHG DATA Management Server Local privilege escalationEPSS 0.2%CVE-2016-20040HIGHTiEmu 3.03-nogdb+dfsg-3 Buffer Overflow via ROM ParameterEPSS 0.2%CVE-2026-44022MEDIUMDocling: Potential Path Traversal via LaTeX \includegraphics and \input CommandsEPSS 0.2%CVE-2026-20614HIGHA path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe EPSS 0.2%CVE-2026-20615HIGHA path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS TaEPSS 0.2%CVE-2026-35204HIGHHelm has a path traversal in plugin metadata version enables arbitrary file write outside Helm plugin directoryEPSS 0.2%CVE-2022-20453MEDIUMIn update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to lEPSS 0.2%CVE-2025-43934MEDIUMDell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 releasEPSS 0.2%CVE-2026-55443MEDIUMLangChain: Path traversal and sandbox escape in LangChain file-search middleware and loadersEPSS 0.2%CVE-2025-44021LOWOpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via theEPSS 0.2%CVE-2026-41972MEDIUMPath traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability.EPSS 0.2%