Weaknesses of type CWE-22

4,793 results
CVE-2026-20191HIGHCisco Catalyst Center Arbitrary File Read VulnerabilityEPSS 0.8%CVE-2024-24749HIGHClasspath resource disclosure in GWC Web Resource API on Windows / TomcatEPSS 0.8%CVE-2023-6908LOWDFIRKuiper TAR Archive case_management.py unzip_file path traversalEPSS 0.8%CVE-2025-8021HIGHAll versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and accEPSS 0.8%CVE-2020-36883HIGHSpinetiX Fusion Digital Signage 3.4.8 Authenticated Path Traversal via File OperationsEPSS 0.8%CVE-2022-47595MEDIUMWordPress WP Google Maps Plugin <= 9.0.15 is vulnerable to Path TraversalEPSS 0.8%CVE-2025-57698HIGHAstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/iEPSS 0.8%CVE-2023-38366MEDIUMIBM FileNet Content Manager directory traversalEPSS 0.8%CVE-2024-53523HIGHJSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function.EPSS 0.8%CVE-2022-27617MEDIUMImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar beforeEPSS 0.8%CVE-2021-47755HIGHOliver Library Server v5 - Arbitrary File DownloadEPSS 0.8%CVE-2024-35205HIGHThe WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them tEPSS 0.8%CVE-2026-35031CRITICALJellyfin: Potential RCE via subtitle upload path traversal + .strm chainEPSS 0.8%CVE-2021-27473MEDIUMRockwell Automation Connected Components Workbench Improper Input ValidationEPSS 0.8%CVE-2023-42488HIGH EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')EPSS 0.8%CVE-2024-9032MEDIUMSourceCodester Simple Forum-Discussion System index.php path traversalEPSS 0.8%CVE-2024-22204MEDIUMWhoogle Search Limited File Write vulnerabilityEPSS 0.8%CVE-2025-22927CRITICALAn issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.EPSS 0.8%CVE-2024-47818MEDIUMLogged-in users with any role can delete arbitrary files in @saltcorn/serverEPSS 0.8%CVE-2025-64057HIGHDirectory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrarEPSS 0.8%