Weaknesses of type CWE-22
4,704 resultsCVE-2022-36981HIGHThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although autheEPSS 83.4%CVE-2019-7194CRITICALThis external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability,EPSS 83.0%KEVCVE-2023-40498CRITICALLG Simple Editor cp Command Directory Traversal Remote Code Execution VulnerabilityEPSS 83.0%CVE-2024-0769MEDIUMD-Link DIR-859 HTTP POST Request hedwig.cgi path traversalEPSS 82.7%KEVCVE-2022-38418CRITICALAdobe ColdFusion Application Server Directory Traversal Remote Code Execution VulnerabilityEPSS 80.0%CVE-2021-21402HIGHUnauthenticated Arbitrary File Access in JellyfinEPSS 79.9%CVE-2018-18809CRITICALTIBCO JasperReports Library Directory Traversal VulnerabilityEPSS 79.8%KEVCVE-2017-11512—The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the namEPSS 79.6%CVE-2023-2745MEDIUMWordPress Core < 6.2.1 - Directory TraversalEPSS 79.5%CVE-2021-41291HIGHECOA BAS controller - Path Traversal-1EPSS 79.4%CVE-2022-38421HIGHAdobe ColdFusion Application Server Directory Traversal Remote Code Execution VulnerabilityEPSS 79.2%CVE-2023-39143CRITICALPaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. ThEPSS 78.7%CVE-2021-39312HIGHTrue Ranker <= 2.2.2 Directory Traversal/Arbitrary File ReadEPSS 78.4%CVE-2022-2560HIGHThis vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. AuEPSS 77.7%CVE-2025-2294CRITICALKubio AI Page Builder <= 2.5.1 - Unauthenticated Local File InclusionEPSS 77.3%CVE-2023-40496HIGHLG Simple Editor copyStickerContent Directory Traversal Information Disclosure VulnerabilityEPSS 77.2%CVE-2023-40495HIGHLG Simple Editor copyTemplateAll Directory Traversal Information Disclosure VulnerabilityEPSS 77.2%CVE-2024-23334MEDIUMaiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversalEPSS 76.9%CVE-2025-8110HIGHFile overwrite in file update API in GogsEPSS 76.5%KEVCVE-2023-32167MEDIUMD-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion VulnerabilityEPSS 76.5%