Fallos del tipo CWE-22

4856 resultados
CVE-2026-7676MEDIUMkerwincui FastBee Tool Download Endpoint ToolController.java ToolController.download path traversalEPSS 0.4%CVE-2025-7450MEDIUMletseeqiji gorobbs API user.go ResetUserAvatar path traversalEPSS 0.4%CVE-2025-6453MEDIUMdiyhi bbs API ForumManageAction.java add path traversalEPSS 0.4%CVE-2026-6590MEDIUMComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversalEPSS 0.4%CVE-2024-26292HIGHAuthenticated Arbitrary File Deletion affecting Avid NEXISEPSS 0.4%CVE-2026-32007HIGHOpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check BypassEPSS 0.4%CVE-2026-32496MEDIUMWordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2026-15326MEDIUMhalo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversalEPSS 0.4%CVE-2026-23942MEDIUMSFTP root escape via component-agnostic prefix check in ssh_sftpdEPSS 0.4%CVE-2022-4773LOWcloudsync LocalFilesystemConnector.java getItem path traversalEPSS 0.4%CVE-2026-44440MEDIUMERPNext: Path Traversal Leading to Sensitive File ExposureEPSS 0.4%CVE-2026-22661HIGHprompts.chat Path Traversal via Skill File HandlingEPSS 0.4%CVE-2025-4419MEDIUMHot Random Image <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path ParameterEPSS 0.4%CVE-2024-46327MEDIUMAn issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal.EPSS 0.4%CVE-2026-30282CRITICALAn arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internalEPSS 0.4%CVE-2020-1737HIGHA flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip moEPSS 0.4%CVE-2026-4741HIGHPath Traversal Vulnerability in TeamJCD/JoyConDroidEPSS 0.4%CVE-2026-49061HIGHWordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerabilityEPSS 0.4%CVE-2026-41656MEDIUMAdmidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File ReadEPSS 0.4%CVE-2023-41747MEDIUMSensitive information disclosure due to unauthenticated path traversal. The following products are affected: Acronis Cloud Manager (Windows)EPSS 0.4%