CWE-22 flaws
4,704 results

CVE-2026-27305 [HIGH] ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) (EPSS 29.0%)
CVE-2024-13180 [HIGH] Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE add (EPSS 27.8%)
CVE-2020-12146 [MEDIUM] Silver Peak Unity Orchestrator™ subject to path traversal. (EPSS 27.6%)
CVE-2018-3758 [—] Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. (EPSS 27.5%)
CVE-2024-30270 [MEDIUM] mailcow Path Traversal and Arbitrary Code Execution Vulnerability (EPSS 27.3%)
CVE-2024-5982 [CRITICAL] Path Traversal in gaizhenbiao/chuanhuchatgpt (EPSS 27.2%)
CVE-2021-22718 [—] A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and (EPSS 27.2%)
CVE-2025-11201 [HIGH] MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability (EPSS 27.1%)
CVE-2007-4559 [CRITICAL] Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remot (EPSS 27.1%)
CVE-2025-11001 [HIGH] 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability (EPSS 27.0%)
CVE-2018-3760 [—] There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specia (EPSS 26.7%)
CVE-2021-22797 [HIGH] A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause malicious scri (EPSS 26.1%)
CVE-2021-43788 [MEDIUM] Path traversal in translator module of NobeBB (EPSS 25.8%)
CVE-2024-5182 [HIGH] Path Traversal in mudler/localai (EPSS 25.5%)
CVE-2024-32002 [CRITICAL] Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution (EPSS 25.3%)
CVE-2019-18187 [HIGH] Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extrac (EPSS 25.1%, KEV)
CVE-2022-41772 [CRITICAL] Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversa (EPSS 24.9%)
CVE-2024-4701 [CRITICAL] Path Traversal vulnerability via File Uploads in Genie (EPSS 24.6%)
CVE-2025-27590 [CRITICAL] In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux us (EPSS 24.3%)
CVE-2024-25830 [CRITICAL] F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote (EPSS 24.0%)