Vulnerabilities of type CWE-22
4704 results

CVE-2023-41474 | MEDIUM | Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via t… | EPSS 37.6%
CVE-2024-55550 | MEDIUM | Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insu… | EPSS 37.5% | KEV
CVE-2023-36460 | CRITICAL | Mastodon vulnerable to arbitrary file creation through media attachments | EPSS 37.3%
CVE-2022-24629 | CRITICAL | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory tr… | EPSS 37.2%
CVE-2021-38163 | CRITICAL | SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administra… | EPSS 37.1% | KEV
CVE-2018-1271 | — | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configu… | EPSS 35.7%
CVE-2023-51365 | HIGH | QTS, QuTS hero, QuTScloud | EPSS 34.8%
CVE-2024-47841 | MEDIUM | Path traversal when loading stylesheets | EPSS 34.2%
CVE-2024-10470 | CRITICAL | WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion | EPSS 34.1%
CVE-2024-13181 | HIGH | Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresse… | EPSS 32.4%
CVE-2023-39584 | — | Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. | EPSS 32.4%
CVE-2025-2449 | HIGH | NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability | EPSS 30.8%
CVE-2021-22720 | — | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and … | EPSS 30.5%
CVE-2025-37098 | HIGH | A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. | EPSS 30.4%
CVE-2023-52085 | LOW | Winter CMS Local File Inclusion through Server Side Template Injection | EPSS 30.2%
CVE-2024-25125 | MEDIUM | Absolute path traversal vulnerability in digdag server | EPSS 29.6%
CVE-2012-6664 | CRITICAL | Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read… | EPSS 29.5%
CVE-2017-0901 | — | RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any f… | EPSS 29.4%
CVE-2022-45092 | CRITICAL | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web… | EPSS 29.3%
CVE-2018-2380 | MEDIUM | SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thu… | EPSS 29.2% | KEV