Weaknesses of type CWE-73
466 resultsCVE-2026-55700HIGHpnpm: stage download writes outside destination via manifest version traversalEPSS 0.3%CVE-2026-3892HIGHMotors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' ParameterEPSS 0.3%CVE-2025-4674HIGHUnexpected command execution in untrusted VCS repositories in cmd/goEPSS 0.3%CVE-2026-33354HIGHAVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`EPSS 0.3%CVE-2026-53915HIGHIn JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configurationEPSS 0.3%CVE-2026-2351MEDIUMTask Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File ReadEPSS 0.3%CVE-2026-26360HIGHDell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker wEPSS 0.3%CVE-2026-42597MEDIUMGotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// schemeEPSS 0.3%CVE-2026-45088HIGHDalfox: Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` in Dalfox Server ModeEPSS 0.3%CVE-2025-48067MEDIUMOctoPrint vulnerable to possible file extraction via upload endpointsEPSS 0.3%CVE-2025-14059MEDIUMEmailKit <= 1.6.1 - Authenticated (Author+) Arbitrary File Read via Path TraversalEPSS 0.2%CVE-2026-48720HIGHWarp: SSH remote output can lead to local file overwrite and persistenceEPSS 0.2%CVE-2026-45089HIGHDalfox: Unauthenticated Arbitrary File Create/Append via `output` Option in Dalfox Server ModeEPSS 0.2%CVE-2021-3626HIGHWindows version of Multipass unauthenticated localhost tcp control socket can perform mountsEPSS 0.2%CVE-2026-8118MEDIUMRoyal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 - 1.7.1059 - Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File SourceEPSS 0.2%CVE-2023-26282MEDIUMIBM Watson CP4D Data Stores file modificiationEPSS 0.2%CVE-2025-2982MEDIUMLegrand SMS PowerView file inclusionEPSS 0.2%CVE-2025-65799MEDIUMA lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traverEPSS 0.2%CVE-2026-10559MEDIUMSourceCodester Pizzafy Ecommerce System index.php file inclusionEPSS 0.2%CVE-2026-26361MEDIUMDell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker wEPSS 0.2%