Weaknesses of type CWE-22
4,787 resultsCVE-2020-7529—A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote ConnecEPSS 0.9%CVE-2021-24639—OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder DeletionEPSS 0.9%CVE-2022-23522HIGHArbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdbEPSS 0.9%CVE-2020-7495—A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EPSS 0.9%CVE-2023-30548MEDIUMPath traversal vulnerability in gatsby-plugin-sharpEPSS 0.9%CVE-2024-46888CRITICALA vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize useEPSS 0.9%CVE-2024-45189MEDIUMMage AI git content request remote arbitrary file leakEPSS 0.9%CVE-2024-45188MEDIUMMage AI file content request remote arbitrary file leakEPSS 0.9%CVE-2024-7551MEDIUMjuzaweb CMS Theme Editor default path traversalEPSS 0.9%CVE-2025-69820MEDIUMDirectory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath funEPSS 0.9%CVE-2024-8060HIGHRemote Code Execution in OpenWebUI via Arbitrary File UploadEPSS 0.9%CVE-2025-7694MEDIUMWoffice Core <= 5.4.26 - Authenticated (Contributor+) Arbitrary File DeletionEPSS 0.9%CVE-2026-26064CRITICALcalibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code ExecutionEPSS 0.9%CVE-2024-27121HIGHPath traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary filEPSS 0.9%CVE-2024-37847CRITICALAn arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a cEPSS 0.9%CVE-2019-25577MEDIUMSeoToaster Ecommerce 3.0.0 Local File Inclusion via backend_themeEPSS 0.9%CVE-2022-44016HIGHAn issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing anEPSS 0.9%CVE-2024-46648HIGHeNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder.EPSS 0.9%CVE-2022-28544MEDIUMPath traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to accessEPSS 0.9%CVE-2024-13897MEDIUMMoving Media Library <= 1.22 - Authenticated (Administrator+) Directory Traversal to Arbitrary File DeletionEPSS 0.9%