Fallos del tipo CWE-22
4854 resultadosCVE-2026-41917MEDIUMOpenKM 6.3.12 Local File Inclusion via Admin ScriptingEPSS 0.4%CVE-2026-31156MEDIUMA path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_geneEPSS 0.4%CVE-2026-49984HIGHKestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard)EPSS 0.4%CVE-2026-33949HIGH@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary filesEPSS 0.4%CVE-2025-4530MEDIUMfeng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversalEPSS 0.4%CVE-2025-53081MEDIUMAn 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on thEPSS 0.4%CVE-2026-45807HIGHKestra: Path traversal via URL-encoded "%2E%2E" in execution and namespace file endpoints allows arbitrary file readEPSS 0.4%CVE-2026-22737MEDIUMSpring Framework Improper Path Limitation with Script View TemplatesEPSS 0.4%CVE-2025-14182MEDIUMSobey Media Convergence System upload path traversalEPSS 0.4%CVE-2026-22460HIGHWordPress FormGent plugin <= 1.7.0 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2023-20229HIGHA vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attackeEPSS 0.4%CVE-2026-25228MEDIUMSignalK Server has Path Traversal leading to information disclosureEPSS 0.4%CVE-2025-12002MEDIUMFeeds for YouTube Pro <= 2.6.0 - Unauthenticated Arbitrary File Read via Path TraversalEPSS 0.4%CVE-2024-42408MEDIUMDorsett Controls InfoScan Path TraversalEPSS 0.4%CVE-2026-36760CRITICALAn issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissiEPSS 0.4%CVE-2026-34726MEDIUMCopier `_subdirectory` allows template root escape via parent-directory traversalEPSS 0.4%CVE-2026-6381HIGHWP Maps < 4.9.3 - Subscriber+ Local File InclusionEPSS 0.4%CVE-2026-27040HIGHWordPress WZone plugin <= 14.0.31 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2025-64152CRITICALApache IoTDB: Path Traversal VulnerabilityEPSS 0.4%CVE-2025-31174MEDIUMPath traversal vulnerability in the DFS module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.EPSS 0.4%