Weaknesses of type CWE-22
4,768 resultsCVE-2025-6799HIGHMarvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure VulnerabilityEPSS 1.3%CVE-2025-6797HIGHMarvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure VulnerabilityEPSS 1.3%CVE-2025-6800HIGHMarvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure VulnerabilityEPSS 1.3%CVE-2025-6804HIGHMarvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure VulnerabilityEPSS 1.3%CVE-2025-6796HIGHMarvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure VulnerabilityEPSS 1.3%CVE-2026-11442MEDIUMAllegra exportReport Directory Traversal Information Disclosure VulnerabilityEPSS 1.3%CVE-2024-13725CRITICALKeap Official Opt-in Forms <= 2.0.1 - Unauthenticated Limited Local File InclusionEPSS 1.3%CVE-2023-51127HIGHFLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vEPSS 1.3%CVE-2026-2426MEDIUMWP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' ParameterEPSS 1.3%CVE-2023-4616HIGHthumbnail Directory Path Traversal Allows Unauthenticated Arbitrary File Read VulnerabilityEPSS 1.3%CVE-2023-4615HIGHupdateFile Directory Path Traversal Allows Unauthenticated Arbitrary File Read VulnerabilityEPSS 1.3%CVE-2024-27144CRITICALPre-authenticated Remote Code ExecutionEPSS 1.2%CVE-2025-66262CRITICALArbitrary File Overwrite via Tar Extraction Path TraversalEPSS 1.2%CVE-2025-20187MEDIUMCisco SD-WAN Manager Software Arbitrary File Creation VulnerabilityEPSS 1.2%CVE-2019-19102MEDIUMZip Slip vulnerability in 3rd-Party library in B&R Automation Studio upgrade serviceEPSS 1.2%CVE-2024-21891HIGHNode.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-dEPSS 1.2%CVE-2023-26691HIGHDirectory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when instEPSS 1.2%CVE-2022-23082HIGHCureKit - Path Traversal in isFileOutsideDirEPSS 1.2%CVE-2024-33502MEDIUMAn improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 thrEPSS 1.2%CVE-2022-27620MEDIUMImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server befoEPSS 1.2%