Fallos del tipo CWE-22
4845 resultadosCVE-2025-4529MEDIUMSeeyon Zhiyuan OA Web Application System ZIP File M3CoreController.class download path traversalEPSS 0.5%CVE-2025-25800MEDIUMSeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php.EPSS 0.5%CVE-2025-12250MEDIUMOpenWGA TMLScript API WGA.File path traversalEPSS 0.5%CVE-2026-56233HIGHCapgo - SSRF and Privilege Escalation via Path Traversal in Builder Upload ProxyEPSS 0.5%CVE-2026-53519CRITICALNezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_keyEPSS 0.5%CVE-2025-6866MEDIUMcode-projects Simple Forum forum_downloadfile.php path traversalEPSS 0.4%CVE-2025-7359HIGHCounter live visitors for WooCommerce <= 1.3.6 - Unauthenticated Arbitrary File Deletion in wcvisitor_get_blockEPSS 0.4%CVE-2026-56054HIGHWordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2024-37423HIGHWordPress Newspack Blocks plugin <= 3.0.8 - Contributor+ Arbitrary Directory Deletion vulnerabilityEPSS 0.4%CVE-2024-57777MEDIUMDirectory Traversal vulnerability in Ianproxy v.0.1 and before allows a remote attacker to obtain sensitive informationEPSS 0.4%CVE-2025-60223HIGHWordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2026-7589MEDIUMghantakiran splunk-mcp-integration CSV Export csv_export.py create_csv_export path traversalEPSS 0.4%CVE-2026-5014MEDIUMelecV2 elecV2P Wildcard log path.join path traversalEPSS 0.4%CVE-2026-7588MEDIUMggerve coding-standards-mcp server.py get_best_practices path traversalEPSS 0.4%CVE-2026-34523MEDIUMSillyTavern: Path traversal allows file existence oracleEPSS 0.4%CVE-2025-49138MEDIUMHAX CMS vulnerable to Local File Inclusion via saveOutline API Location ParameterEPSS 0.4%CVE-2025-31554MEDIUMWordPress Docxpresso plugin <= 2.6 - Arbitrary File Download vulnerabilityEPSS 0.4%CVE-2026-52726HIGHDulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payloadEPSS 0.4%CVE-2026-7237MEDIUMAgiFlow scaffold-mcp write-to-file Tool index.ts path traversalEPSS 0.4%CVE-2025-47513MEDIUMWordPress Infocob CRM Forms plugin <= 2.4.0 - Arbitrary File Download vulnerabilityEPSS 0.4%