Weaknesses of type CWE-22

4,787 results
CVE-2023-26526HIGHWordPress Bookly plugin <= 21.7.1 - Authenticated Arbitrary File Deletion vulnerabilityEPSS 0.9%CVE-2024-39399HIGH[Paris] Path Traversal lead to local file readEPSS 0.9%CVE-2023-34238MEDIUM Local File Inclusion vulnerability in GatsbyEPSS 0.9%CVE-2024-51748CRITICALRemote code execution through language setting in kanboardEPSS 0.9%CVE-2021-42022A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected sEPSS 0.9%CVE-2024-32465HIGHGit's protections for cloning untrusted repositories can be bypassedEPSS 0.9%CVE-2023-1191MEDIUMfastcms ZIP File TemplateController.java path traversalEPSS 0.9%CVE-2024-27946MEDIUMA vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in thEPSS 0.9%CVE-2026-7020MEDIUMOllama Tensor Model Transfer transfer.go digestToPath path traversalEPSS 0.9%CVE-2025-7640HIGHhiWeb Export Posts <= 0.9.0.0 - Cross-Site Request Forgery to Arbitrary File DeletionEPSS 0.9%CVE-2023-28382HIGHDirectory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary fileEPSS 0.9%CVE-2025-50971HIGHDirectory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to gain access to sensitive system files via EPSS 0.9%CVE-2023-28344HIGHAn issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers EPSS 0.9%CVE-2023-7207MEDIUMDebian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regreEPSS 0.9%CVE-2023-32676MEDIUMAutolab tar slip in Install Assessment functionality (`GHSL-2023-081`)EPSS 0.9%CVE-2024-10626HIGHWooCommerce Support Ticket System <= 17.7 - Authenticated (Subscriber+) Arbitrary File DeletionEPSS 0.9%CVE-2024-21547HIGHVersions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where EPSS 0.9%CVE-2024-31457HIGHgin-vue-admin background arbitrary code coverage vulnerabilityEPSS 0.9%CVE-2024-43022HIGHAn issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a direcEPSS 0.9%CVE-2025-3381MEDIUMzhangyanbo2007 youkefu File Upload WebIMController.java path traversalEPSS 0.9%