Weaknesses of type CWE-22
4,790 resultsCVE-2025-61923MEDIUMPrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosureEPSS 0.8%CVE-2026-28701CRITICALDaktronics Controller Firmware Path TraversalEPSS 0.8%CVE-2024-32117MEDIUMAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.EPSS 0.8%CVE-2024-54148HIGHGogs has a Path Traversal in file editing UIEPSS 0.8%CVE-2024-13981CRITICALLiveBos UploadFile.do Arbitrary File UploadEPSS 0.8%CVE-2024-8163MEDIUMChengdu Everbrite Network Technology BeikeShop files destroyFiles path traversalEPSS 0.8%CVE-2025-34173MEDIUMNetgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information DisclosureEPSS 0.8%CVE-2024-46646MEDIUMeNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file.EPSS 0.8%CVE-2026-38993MEDIUMCockpit 2.13.5 and earlier is vulnerable to directory traversal via the Buckets component. This vulnerability allows authenticated attackersEPSS 0.8%CVE-2024-57451HIGHChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to EPSS 0.8%CVE-2025-50735HIGHDirectory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in itsEPSS 0.8%CVE-2024-50336MEDIUMmatrix-js-sdk has insufficient MXC URI validation which allows client-side path traversalEPSS 0.8%CVE-2024-5550MEDIUMExposure of Sensitive Information via Arbitrary System Path Lookup in h2oai/h2o-3EPSS 0.8%CVE-2025-11941MEDIUMe107 CMS Avatar image.php path traversalEPSS 0.8%CVE-2025-64057HIGHDirectory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrarEPSS 0.8%CVE-2023-26045CRITICALNodeBB vulnerable to path traversal and code execution via prototype vulnerabilityEPSS 0.8%CVE-2025-7526CRITICALWP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File RenamingEPSS 0.8%CVE-2024-1790MEDIUMAjax Load More <= 7.0.1 - Authenticated (Admin+) Directory Traversal to Arbitrary File ReadEPSS 0.8%CVE-2025-0461MEDIUMShanghai Lingdang Information Technology Lingdang CRM index.php path traversalEPSS 0.8%CVE-2025-4828CRITICALSupport Board <= 3.8.0 - Unauthenticated Arbitrary File DeletionEPSS 0.8%