Fallos del tipo CWE-22
4857 resultadosCVE-2025-67643MEDIUMJenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b_9517b_6b_202 and earlier does not correctly perform path validation of the workEPSS 0.3%CVE-2026-11470MEDIUMhs-web hsweb-framework File Upload FileUploadProperties.java denied path traversalEPSS 0.3%CVE-2024-42680MEDIUMAn issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by enterinEPSS 0.3%CVE-2026-50567HIGHFission: Zip Slip in pkg/utils/zip.go:Unarchive allows fetcher to write outside the destination directoryEPSS 0.3%CVE-2022-39210LOWAccess to internal files of the Nextcloud Android appEPSS 0.3%CVE-2022-40264MEDIUMImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versioEPSS 0.3%CVE-2025-54292MEDIUMClient-Side Path Traversal in LXD-UIEPSS 0.3%CVE-2025-14867MEDIUMFlashcard Plugin for WordPress <= 0.9 - Authenticated (Contributor+) Arbitrary File Read via Path TraversalEPSS 0.3%CVE-2025-13876MEDIUMRareprob HD Video Player All Formats App com.rocks.music.videoplayer path traversalEPSS 0.3%CVE-2025-66206MEDIUMFrappe vulnerable to a path traversal allowing reading certain filesEPSS 0.3%CVE-2024-47263MEDIUMAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in SynEPSS 0.3%CVE-2018-10501—This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. AnEPSS 0.3%CVE-2026-45571MEDIUMgo-git: Crafted repositories may modify main and submodule .git directoriesEPSS 0.3%CVE-2025-29213MEDIUMA zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a EPSS 0.3%CVE-2026-6957HIGHPath traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.EPSS 0.3%CVE-2026-7807HIGHSmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} APIEPSS 0.3%CVE-2026-42679MEDIUMWordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerabilityEPSS 0.3%CVE-2026-14468HIGHPath traversal allows arbitrary file read in Terraform Enterprise containerEPSS 0.3%CVE-2026-54468MEDIUMDell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remoteEPSS 0.3%CVE-2026-48944MEDIUMJoomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26EPSS 0.3%