Weaknesses of type CWE-22
4,787 resultsCVE-2022-24731MEDIUMPath traversal allows leaking out-of-bound files from Argo CD repo-serverEPSS 0.9%CVE-2024-27821HIGHA path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10EPSS 0.9%CVE-2025-21622HIGHClipBucket V5 Avatar URL Path Traversal to Arbitrary File DeleteEPSS 0.9%CVE-2023-48660HIGH
Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this EPSS 0.9%CVE-2025-11849MEDIUMVersions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of thEPSS 0.9%CVE-2022-43264HIGHArobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via EPSS 0.9%CVE-2024-2294MEDIUMBackuply – Backup, Restore, Migrate and Clone <= 1.2.7 - Authenticated (Admin+) Directory TraversalEPSS 0.9%CVE-2023-24815MEDIUMDisclosure of classpath resources on Windows when mounted on a wildcard route in vertx-webEPSS 0.9%CVE-2023-51232HIGHDirectory Traversal vulnerability in dagster-webserver Dagster thru 1.5.11 allows remote attackers to obtain sensitive information via craftEPSS 0.9%CVE-2026-25527MEDIUMchangedetection.io vulnerable to unauthenticated static path traversalEPSS 0.9%CVE-2022-46306HIGHChangingTec ServiSign - Path TraversalEPSS 0.9%CVE-2022-43975HIGHAn issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the webEPSS 0.9%CVE-2024-7782HIGHContact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.4 - Authenticater (Administrator+) Arbitrary File DeletionEPSS 0.9%CVE-2024-22050HIGHIodine Static File Server Path Traversal VulnerabilityEPSS 0.9%CVE-2026-39365MEDIUMVite has a Path Traversal in Optimized Deps `.map` HandlingEPSS 0.9%CVE-2024-10011HIGHBuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory TraversalEPSS 0.9%CVE-2024-10361HIGHArbitrary File Deletion via Path Traversal in danny-avila/librechatEPSS 0.9%CVE-2024-44825HIGHDirectory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrEPSS 0.9%CVE-2024-41511LOWA Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers EPSS 0.9%CVE-2026-24770CRITICALRAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParserEPSS 0.9%