Fallos del tipo CWE-22
4856 resultadosCVE-2026-23745HIGHnode-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path SanitizationEPSS 0.3%CVE-2018-25421HIGHOpen STA Manager 2.3 Arbitrary File Download via Path TraversalEPSS 0.3%CVE-2026-14500MEDIUMBulk Order Update for WooCommerce <= 1.6 - Unauthenticated Arbitrary File Read via 'csv_url' ParameterEPSS 0.3%CVE-2024-2045MEDIUMSession 1.17.5 - LFR via chat attachmentEPSS 0.3%CVE-2023-2110HIGHObsidian Local File DisclosureEPSS 0.3%CVE-2025-7452MEDIUMkone-net go-chat Endpoint file_controller.go GetFile path traversalEPSS 0.3%CVE-2026-14783MEDIUMNousResearch hermes-agent skills_tool.py skill_view path traversalEPSS 0.3%CVE-2026-48314MEDIUMColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)EPSS 0.3%CVE-2025-62856LOWFile Station 5EPSS 0.3%CVE-2026-40163HIGHSaltcorn has an Unauthenticated Path Traversal in sync endpoints allows arbitrary file write and directory readEPSS 0.3%CVE-2026-5344MEDIUMTextpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversalEPSS 0.3%CVE-2024-23772MEDIUMAn issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulEPSS 0.3%CVE-2026-0704MEDIUMIn affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field EPSS 0.3%CVE-2025-61653LOWExtension:TextExtracts does not check for authorizeRead when returning extractsEPSS 0.3%CVE-2026-42888MEDIUMAudiobookshelf: Path Traversal vulnerability in the audiobookshelf projectEPSS 0.3%CVE-2026-42275HIGHzrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/writeEPSS 0.3%CVE-2026-56273MEDIUMFlowise - Path Traversal in Vector Store basePath ParameterEPSS 0.3%CVE-2026-59149MEDIUMMockoon: Path traversal in templated `filePath` lets a request escape the served directory (prefix-only base check)EPSS 0.3%CVE-2025-35056MEDIUMNewforma Info Exchange (NIX) limited file readEPSS 0.3%CVE-2026-27884MEDIUMNetExec vulnerable to arbitrary file write via path traversal in spider_plus moduleEPSS 0.3%