Weaknesses of type CWE-22

4,817 results
CVE-2024-35308HIGHPost-auth Arbitrary File Read in the Server Plugins SectionEPSS 0.6%CVE-2023-45652MEDIUMWordPress Remote Content Shortcode plugin <= 1.5 - Local File Inclusion vulnerabilityEPSS 0.6%CVE-2025-15036CRITICALPath Traversal Vulnerability in mlflow/mlflowEPSS 0.6%CVE-2024-29196LOWphpMyFAQ Path Traversal in AttachmentsEPSS 0.6%CVE-2024-6445CRITICALAuthenticated Local File Inclusion (LFI) in DataFlowX's DataDiodeXEPSS 0.6%CVE-2025-25223MEDIUMThe LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloaEPSS 0.6%CVE-2024-41765MEDIUMIBM Engineering Lifecycle Optimization - Publishing directory traversalEPSS 0.6%CVE-2025-27837CRITICALAn issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTFEPSS 0.6%CVE-2025-20051CRITICALArbitrary file read via block duplication in Mattermost BoardsEPSS 0.6%CVE-2025-30910HIGHWordPress CM Download Manager plugin <= 2.9.6 - Arbitrary File Deletion vulnerabilityEPSS 0.6%CVE-2025-25284HIGHPath Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS ImplementationEPSS 0.6%CVE-2025-2363MEDIUMlenve VBlog ArticleController.java uploadImg path traversalEPSS 0.6%CVE-2026-2672MEDIUMTsinghua Unigroup Electronic Archives System downLoad download path traversalEPSS 0.6%CVE-2026-4660HIGHGo-getter may allow to arbitrary filesystem reads through git operationsEPSS 0.6%CVE-2024-32830HIGHWordPress buddyforms plugin <= 2.8.8- Arbitrary File Read and SSRF vulnerabilityEPSS 0.6%CVE-2024-23540MEDIUMHCL BigFix Inventory is vulnerable to path traversalEPSS 0.6%CVE-2023-45383HIGHIn the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personalEPSS 0.6%CVE-2018-25178HIGHEasyndexer 1.0 Arbitrary File Download via showtif.phpEPSS 0.6%CVE-2021-25367LOWPath Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.EPSS 0.6%CVE-2026-9559CRITICALA path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign importsEPSS 0.6%