Weaknesses of type CWE-22

4,729 results
CVE-2022-1391Cab fare calculator < 1.0.4 - Unauthenticated LFIEPSS 13.6%CVE-2023-27855CRITICALRockwell Automation ThinManager ThinServer Path Traversal UploadEPSS 13.5%CVE-2024-53961HIGHColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)EPSS 13.4%CVE-2024-1873HIGHPath Traversal and Denial of Service in parisneo/lollms-webuiEPSS 13.4%CVE-2018-1002200plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) EPSS 13.2%CVE-2024-6255HIGHPath Traversal in gaizhenbiao/chuanhuchatgptEPSS 13.1%CVE-2018-1002202zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip aEPSS 13.1%CVE-2025-58320HIGHDIALink - Directory Traversal Authentication Bypass VulnerabilityEPSS 13.1%CVE-2024-34854CRITICALF-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`EPSS 12.8%CVE-2025-30290HIGHColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)EPSS 12.4%CVE-2023-22629HIGHAn issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. AEPSS 12.3%CVE-2022-41328MEDIUMA improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 thEPSS 12.3%KEVCVE-2025-6793CRITICALMarvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure VulnerabilityEPSS 12.3%CVE-2018-1002205MEDIUMDotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slaEPSS 12.2%CVE-2021-21251HIGHZipSlip Arbitrary File UploadEPSS 12.2%CVE-2026-28208MEDIUMJunrar has arbitrary file write due to backslash path traversal bypass in LocalFolderExtractor on Linux/UnixEPSS 12.0%CVE-2026-1056CRITICALSnow Monkey Forms <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path TraversalEPSS 12.0%CVE-2018-1002203unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot sEPSS 11.9%CVE-2025-61913CRITICALFlowise is vulnerable to arbitrary file read, arbitrary file writeEPSS 11.9%CVE-2024-8752CRITICALWebIQ 2.15.9 Runtime on Windows - Directory Traversal VulnerabilityEPSS 11.8%