Weaknesses of type CWE-22

4,704 results
CVE-2023-27856 [HIGH] Rockwell Automation ThinManager ThinServer Path Traversal Download (EPSS 76.1%)
CVE-2015-0016 [HIGH] Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server (EPSS 75.9%, KEV)
CVE-2024-55947 [HIGH] Gogs has a Path Traversal in file update API (EPSS 75.2%)
CVE-2014-0780 [CRITICAL] InduSoft Web Studio Path Traversal (EPSS 74.5%, KEV)
CVE-2023-32166 [HIGH] D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability (EPSS 74.3%)
CVE-2021-20123 [HIGH] A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet e (EPSS 74.3%, KEV)
CVE-2021-27272 [HIGH] This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System (EPSS 73.8%)
CVE-2022-36982 [MEDIUM] This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authent (EPSS 73.8%)
CVE-2021-27275 [HIGH] This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR (EPSS 73.3%)
CVE-2023-32165 [CRITICAL] D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability (EPSS 73.3%)
CVE-2024-27954 [CRITICAL] WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability (EPSS 73.0%)
CVE-2023-0126 [HIGH] Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbit (EPSS 72.7%)
CVE-2021-27276 [HIGH] This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System (EPSS 72.5%)
CVE-2023-32985 [MEDIUM] Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attacke (EPSS 72.4%)
CVE-2023-2825 [CRITICAL] An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulne (EPSS 71.6%)
CVE-2024-24992 [HIGH] A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary (EPSS 70.9%)
CVE-2023-6893 [MEDIUM] Hikvision Intercom Broadcasting System exportrecord.php path traversal (EPSS 70.2%)
CVE-2014-0750 GE Proficy HMI/SCADA Path Traversal (EPSS 70.2%)
CVE-2021-32682 [CRITICAL] Multiple vulnerabilities leading to RCE (EPSS 69.9%)
CVE-2021-20124 [HIGH] A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. (EPSS 69.2%, KEV)