Fallos del tipo CWE-22
4832 resultadosCVE-2026-6615MEDIUMTransformerOptimus SuperAGI Multipart Upload resources.py upload path traversalEPSS 0.5%CVE-2025-31800MEDIUMWordPress Publitio plugin <= 2.2.0 - Arbitrary File Read vulnerabilityEPSS 0.5%CVE-2024-55516CRITICALA vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfEPSS 0.5%CVE-2025-30596MEDIUMWordPress include-file plugin <= 1 - Arbitrary File Download VulnerabilityEPSS 0.5%CVE-2026-57571CRITICALCrawl4AI arbitrary file write via download filename path traversalEPSS 0.5%CVE-2024-55970HIGHFile Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue that is related to the request parameter, aEPSS 0.5%CVE-2026-22249HIGHDocmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip)EPSS 0.5%CVE-2025-53110HIGHModel Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path PrefixEPSS 0.5%CVE-2026-49128HIGHMusic Player Daemon < 0.24.11 Path Traversal via LocalStorage URI HandlingEPSS 0.5%CVE-2025-2493HIGHPath Traversal vulnerability in Softdial Contact CenterEPSS 0.5%CVE-2026-8442HIGHWP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' ParameterEPSS 0.5%CVE-2026-7784MEDIUMRTGS2017 NagaAgent Skills Endpoint extensions.py path traversalEPSS 0.5%CVE-2024-9575HIGHLocal File Inclusion in pretix-widget WordPress pluginEPSS 0.5%CVE-2024-41726HIGHPath traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary eEPSS 0.5%CVE-2024-55401MEDIUMAn issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.EPSS 0.5%CVE-2024-39688MEDIUMfishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config functionEPSS 0.5%CVE-2018-3770—A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the locEPSS 0.5%CVE-2026-48866CRITICALWordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerabilityEPSS 0.5%CVE-2025-29787HIGHzip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File WriteEPSS 0.5%CVE-2023-40026MEDIUMPath traversal allows leaking out-of-bound Helm charts from Argo CD repo-serverEPSS 0.5%