Falhas do tipo CWE-22

4.854 resultados
CVE-2025-67115MEDIUMA path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@230804184EPSS 0.4%CVE-2021-31421LOWThis vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attackerEPSS 0.4%CVE-2026-46724MEDIUMPath Traversal in extension "Faceted Search" (ke_search)EPSS 0.4%CVE-2025-53622MEDIUMDSpace has path traversal vulnerability in Simple Archive Format (SAF) package import via contents fileEPSS 0.4%CVE-2026-41887MEDIUMFlarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)EPSS 0.4%CVE-2025-49415HIGHWordPress FW Gallery plugin <= 8.0.0 - Arbitrary File Deletion VulnerabilityEPSS 0.4%CVE-2023-39402CRITICALParameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be reaEPSS 0.4%CVE-2025-48267HIGHWordPress WP Pipes plugin <= 1.4.2 - Arbitrary File Deletion VulnerabilityEPSS 0.4%CVE-2023-39401CRITICALParameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be reaEPSS 0.4%CVE-2025-49879HIGHWordPress Litho theme <= 3.0 - Arbitrary File Deletion VulnerabilityEPSS 0.4%CVE-2023-39400CRITICALParameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be reaEPSS 0.4%CVE-2025-64757LOWAstro Development Server is Vulnerable to Arbitrary Local File ReadEPSS 0.4%CVE-2026-27969CRITICALVitess users with backup storage access can write to arbitrary file paths on restoreEPSS 0.4%CVE-2025-3547MEDIUMfrdel Agent-Zero get_work_dir_files path traversalEPSS 0.4%CVE-2026-11846HIGHIEI Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File DeletionEPSS 0.4%CVE-2026-40258CRITICALGramps Web API has Zip Slip Path Traversal in Media Archive ImportEPSS 0.4%CVE-2025-27299MEDIUMWordPress MyTicket Events plugin <= 1.2.4 - Non-Arbitrary File Read vulnerabilityEPSS 0.4%CVE-2025-42906MEDIUMDirectory Traversal vulnerability in SAP Commerce CloudEPSS 0.4%CVE-2023-38176HIGHAzure Arc-Enabled Servers Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2020-12499HIGHPHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability.EPSS 0.4%