Weaknesses of type CWE-22

4,857 results
CVE-2026-32061MEDIUMOpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path TraversalEPSS 0.1%CVE-2022-20449MEDIUMIn writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. EPSS 0.1%CVE-2026-42866MEDIUMTookie: Arbitrary file write via path traversal in -u username / -U userfile output filenameEPSS 0.1%CVE-2026-45224MEDIUMCrabbox < 0.9.0 Path Traversal via Islo Provider Workspace ResolutionEPSS 0.1%CVE-2025-22240MEDIUMCVE-2025-22240 salt advisoryEPSS 0.1%CVE-2026-35613MEDIUMPath traversal in coursevault-preview due to improper base-directory boundary validationEPSS 0.1%CVE-2026-60089MEDIUMPraisonAI before 1.6.78 Path Traversal via config.tomlEPSS 0.1%CVE-2026-29050MEDIUMmelange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].usesEPSS 0.1%CVE-2025-20259MEDIUMCisco ThousandEyes Endpoint Agent for Windows Arbitrary File Write VulnerabilityEPSS 0.1%CVE-2025-24268MEDIUMA parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. AEPSS 0.1%CVE-2026-47712LOWDulwich doesn't sanitize commit subjects in `porcelain.format_patch`EPSS 0.1%CVE-2026-13748MEDIUMSnowflake CLI Arbitrary Local File Read and Exfiltration Through Improper File Path RestrictionEPSS 0.1%CVE-2025-14617MEDIUMJehovahs Witnesses JW Library App org.jw.jwlibrary.mobile.activity.SiloContainer path traversalEPSS 0.1%CVE-2025-15066MEDIUMArbitrary File Download through Path Traversal in Innorix WPEPSS 0.1%CVE-2026-58203MEDIUMNestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_sizeEPSS 0.1%CVE-2026-58460HIGHreact-native-receive-sharing-intent Path Traversal via _display_nameEPSS 0.1%CVE-2026-59946MEDIUMComposer: Path traversal in package bin field lets dependencies chmod arbitrary host filesEPSS 0.1%CVE-2026-28482HIGHOpenClaw < 2026.2.12 - Path Traversal via Unsanitized sessionId and sessionFile ParametersEPSS 0.1%CVE-2026-44171MEDIUMMariaDB: path traversal in mbstreamEPSS 0.1%CVE-2026-49406MEDIUMDeno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictionsEPSS 0.1%