CWE-22 vulnerabilities
4723 results

CVE-2026-47932 (HIGH, EPSS 7.6%): ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
CVE-2024-38652 (HIGH, EPSS 7.6%): Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of serv
CVE-2024-57728 (HIGH, EPSS 7.5%, KEV): SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a
CVE-2024-9935 (HIGH, EPSS 7.5%): PDF Generator Addon for Elementor Page Builder <= 2.0.0 - Unauthenticated Arbitrary File Download
CVE-2018-0300 (—, EPSS 7.4%): A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall
CVE-2025-40738 (HIGH, EPSS 7.2%): A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when
CVE-2025-40737 (HIGH, EPSS 7.2%): A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when
CVE-2024-23476 (CRITICAL, EPSS 7.1%): SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
CVE-2023-33177 (HIGH, EPSS 7.1%): Xibo CMS vulnerable to Remote Code Execution through Zip Slip
CVE-2025-4185 (MEDIUM, EPSS 7.0%): Wangshen SecGate 3600 g=obj_area_export_save path traversal
CVE-2026-7474 (HIGH, EPSS 6.9%): Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution
CVE-2026-24848 (HIGH, EPSS 6.8%): OpenEMR Arbitrary File Write leading to Remote Code Execution
CVE-2022-34127 (HIGH, EPSS 6.7%): The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.
CVE-2023-28459 (MEDIUM, EPSS 6.6%): pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents th
CVE-2025-68705 (HIGH, EPSS 6.6%): RustFS Path Traversal Vulnerability
CVE-2026-3051 (MEDIUM, EPSS 6.5%): DataLinkDC dinky Project Name GitRepository.java getProjectDir path traversal
CVE-2024-10516 (HIGH, EPSS 6.5%): Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify'
CVE-2024-41628 (HIGH, EPSS 6.5%): Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9
CVE-2022-39802 (—, EPSS 6.4%): SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parame
CVE-2018-0426 (—, EPSS 6.4%): Cisco RV110W, RV130W, and RV215W Routers Management Interface Directory Traversal Vulnerability