Fallos del tipo CWE-22

4826 resultados
CVE-2023-31166MEDIUMImproper Limitation of a Pathname to a Restricted DirectoryEPSS 0.6%CVE-2026-31379MEDIUMApache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog ManagerEPSS 0.6%CVE-2024-29196LOWphpMyFAQ Path Traversal in AttachmentsEPSS 0.6%CVE-2025-15036CRITICALPath Traversal Vulnerability in mlflow/mlflowEPSS 0.6%CVE-2024-6445CRITICALAuthenticated Local File Inclusion (LFI) in DataFlowX's DataDiodeXEPSS 0.6%CVE-2025-25223MEDIUMThe LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloaEPSS 0.6%CVE-2024-41765MEDIUMIBM Engineering Lifecycle Optimization - Publishing directory traversalEPSS 0.6%CVE-2025-20051CRITICALArbitrary file read via block duplication in Mattermost BoardsEPSS 0.6%CVE-2025-27837CRITICALAn issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTFEPSS 0.6%CVE-2025-2363MEDIUMlenve VBlog ArticleController.java uploadImg path traversalEPSS 0.6%CVE-2025-25284HIGHPath Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS ImplementationEPSS 0.6%CVE-2025-30910HIGHWordPress CM Download Manager plugin <= 2.9.6 - Arbitrary File Deletion vulnerabilityEPSS 0.6%CVE-2026-2672MEDIUMTsinghua Unigroup Electronic Archives System downLoad download path traversalEPSS 0.6%CVE-2018-25178HIGHEasyndexer 1.0 Arbitrary File Download via showtif.phpEPSS 0.6%CVE-2023-45383HIGHIn the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personalEPSS 0.6%CVE-2024-23540MEDIUMHCL BigFix Inventory is vulnerable to path traversalEPSS 0.6%CVE-2023-35069HIGHPath Traversal in BullwarkEPSS 0.6%CVE-2026-9559CRITICALA path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign importsEPSS 0.6%CVE-2026-35397HIGHjupyter-server path traversal allows access to sibling directories sharing root_dir name prefixEPSS 0.6%CVE-2024-32830HIGHWordPress buddyforms plugin <= 2.8.8- Arbitrary File Read and SSRF vulnerabilityEPSS 0.6%