Weaknesses of type CWE-22
4,857 resultsCVE-2021-25452MEDIUMAn improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform pEPSS 0.1%CVE-2026-45380LOWbit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`EPSS 0.1%CVE-2026-49356LOWBabel: Arbitrary File Read via sourceMappingURL Comment in @babel/coreEPSS 0.1%CVE-2025-53594MEDIUMQfinder Pro, Qsync, QVPNEPSS 0.1%CVE-2025-48567HIGHIn multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrecEPSS 0.1%CVE-2023-21093HIGHIn extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a paEPSS 0.1%CVE-2026-41009MEDIUMLocal Blobstore may allow arbitrary reads/deletesEPSS 0.1%CVE-2023-35670HIGHIn computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a patEPSS 0.1%CVE-2025-48550MEDIUMIn testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This coEPSS 0.1%CVE-2024-47027HIGHIn sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. EPSS 0.1%CVE-2026-53766MEDIUMchrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing rootsEPSS 0.1%CVE-2025-48636HIGHIn openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. ThEPSS 0.1%CVE-2026-0055MEDIUMIn createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid dirEPSS 0.1%CVE-2025-9142HIGHLocal privilege escalation in Harmony SASE Windows AgentEPSS 0.1%CVE-2026-61445CRITICALPraisonAI before 4.6.78 Arbitrary File Write and Command ExecutionEPSS —CVE-2026-56260HIGHCrawl4AI - Arbitrary File Write via output_path ParameterEPSS —CVE-2026-60088MEDIUMPraisonAI before 4.6.78 Path Traversal via Custom CommandsEPSS —