Weaknesses of type CWE-22
4,762 resultsCVE-2023-5212CRITICALAI ChatBot <= 4.8.9 and 4.9.2- Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_fileEPSS 1.6%CVE-2025-63414CRITICALA Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary comEPSS 1.6%CVE-2022-1657HIGHJupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File InclusionEPSS 1.6%CVE-2022-0401CRITICALPath Traversal in yuda-lyu/w-zipEPSS 1.6%CVE-2025-1743MEDIUMzyx0814 Pichome index.php path traversalEPSS 1.6%CVE-2024-13986HIGHNagios XI < 2024R1.3.2 Authenticated Arbitrary File Upload Path Traversal RCEEPSS 1.6%CVE-2024-7601HIGHLogsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion VulnerabilityEPSS 1.6%CVE-2023-41181MEDIUMLG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure VulnerabilityEPSS 1.6%CVE-2009-3721—Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived frEPSS 1.6%CVE-2020-3365MEDIUMCisco Enterprise NFV Infrastructure Software Path Traversal VulnerabilityEPSS 1.6%CVE-2017-11162—Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users tEPSS 1.6%CVE-2025-67506CRITICALPipesHub Vulnerable to Path Traversal through Unauthenticated Arbitrary File UploadEPSS 1.6%CVE-2025-69411HIGHWordPress ionCube tester plus plugin <= 1.3 - Arbitrary File Download vulnerabilityEPSS 1.6%CVE-2022-25882HIGHVersions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a pEPSS 1.6%CVE-2021-21357HIGHBroken Access Control in Form FrameworkEPSS 1.6%CVE-2014-10066—Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input EPSS 1.6%CVE-2018-1048—It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus alloEPSS 1.6%CVE-2019-5480—A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders.EPSS 1.6%CVE-2021-29474MEDIUMRelative Path Traversal Attack on note creationEPSS 1.6%CVE-2024-11944HIGHiXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution VulnerabilityEPSS 1.6%