Fallos del tipo CWE-22

4856 resultados
CVE-2026-0669HIGHPath Traversal vulnerability in CSS extension on certain web serversEPSS 0.4%CVE-2025-60915HIGHAn issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execEPSS 0.4%CVE-2024-43395HIGHCraftOS-PC 2's improperly sanitizied paths cause filesystem escape (Windows)EPSS 0.4%CVE-2026-15331MEDIUMzhayujie CowAgent Skill Installation service.py _add_package path traversalEPSS 0.4%CVE-2026-54293HIGHNLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File ReadEPSS 0.4%CVE-2025-35053MEDIUMNewforma Info Exchange (NIX) arbitrary file read and deleteEPSS 0.4%CVE-2026-56122HIGHWinstone Servlet Engine 0.9.10 Path Traversal via HTTP Request PathsEPSS 0.4%CVE-2023-34217HIGHSecond Order Command-injection Vulnerability in the Certificate-delete FunctionEPSS 0.4%CVE-2025-48017CRITICALImproper Limitation of a Pathname to a Restricted DirectoryEPSS 0.4%CVE-2026-3089MEDIUMActual Sync Server 26.2.1 - Authenticated Path TraversalEPSS 0.4%CVE-2025-32018HIGHArbitrary file write from Cursor Agent through a prompt injection from malicious @DocsEPSS 0.4%CVE-2026-39406MEDIUM@hono/node-server has a middleware bypass via repeated slashes in serveStaticEPSS 0.4%CVE-2025-54715MEDIUMWordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.9.0 - Arbitrary File Download VulnerabilityEPSS 0.4%CVE-2023-51651MEDIUMPotential URI resolution path traversal in the AWS SDK for PHPEPSS 0.4%CVE-2025-7108MEDIUMrisesoft-y9 Digital-Infrastructure Y9FileController.java deleteFile path traversalEPSS 0.4%CVE-2026-32847HIGHDeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.pyEPSS 0.4%CVE-2025-8151MEDIUMHT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File ActionsEPSS 0.4%CVE-2024-23773HIGHAn issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulEPSS 0.4%CVE-2026-22677MEDIUMHermes WebUI < 0.51.44 Path Traversal via Session Import EndpointEPSS 0.4%CVE-2026-46486MEDIUMMobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processingEPSS 0.4%