Weaknesses of type CWE-22
4,785 resultsCVE-2026-36723HIGHAn unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage direEPSS 1.0%CVE-2022-29253LOWPath Traversal in XWiki PlatformEPSS 1.0%CVE-2023-36667HIGHCouchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal.EPSS 1.0%CVE-2022-3389HIGHPath Traversal in ikus060/rdiffwebEPSS 1.0%CVE-2023-45723HIGHPath Traversal which allows file upload capability affects DRYiCE MyXalyticsEPSS 1.0%CVE-2023-30172HIGHA directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary fEPSS 1.0%CVE-2024-7149HIGHEvent Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.8 - Authenticated (Contributor+) Local File InclusionEPSS 1.0%CVE-2024-10625CRITICALWooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File DeletionEPSS 1.0%CVE-2025-27783HIGHApplio allows arbitrary file write in train.pyEPSS 1.0%CVE-2023-26126HIGHAll versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested viEPSS 1.0%CVE-2024-12830HIGHArista NG Firewall custom_handler Directory Traversal Remote Code Execution VulnerabilityEPSS 1.0%CVE-2025-23304HIGHNVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection EPSS 1.0%CVE-2012-5380MEDIUMUntrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, migEPSS 1.0%CVE-2016-10538—The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting userEPSS 1.0%CVE-2023-46886CRITICALDreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the tEPSS 1.0%CVE-2021-36288HIGHDell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/writeEPSS 1.0%CVE-2024-41887MEDIUMArbitrary File OverwriteEPSS 1.0%CVE-2024-23833HIGHOpenRefine JDBC Attack VulnerabilityEPSS 1.0%CVE-2025-25997HIGHDirectory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php componenEPSS 1.0%CVE-2022-39059HIGHChangingTec MegaServiSignAdapter - Path TraversalEPSS 1.0%