Weaknesses of type CWE-22
4,827 resultsCVE-2024-44017HIGHWordPress MH Board plugin <= 1.3.2.1 - Local File Inclusion vulnerabilityEPSS 0.5%CVE-2026-42351HIGHpygeoapi: Path Traversal in STAC FileSystemProviderEPSS 0.5%CVE-2024-35634MEDIUMWoocommerce – Recent Purchases plugin <= 1.0.1 - File Inclusion vulnerabilityEPSS 0.5%CVE-2024-52449HIGHWordPress WordPress Bootscraper plugin <= 2.1.0 - Local File Inclusion vulnerabilityEPSS 0.5%CVE-2026-12243HIGHPath Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()EPSS 0.5%CVE-2025-66905HIGHThe Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystEPSS 0.5%CVE-2024-49285HIGHWordPress SSV MailChimp plugin <= 3.1.5 - Local File Inclusion vulnerabilityEPSS 0.5%CVE-2025-65025HIGHesm.sh CDN service has arbitrary file write via tarslipEPSS 0.5%CVE-2025-22663HIGHWordPress Paid Videochat Turnkey Site plugin <= 7.2.12 - Arbitrary File Deletion vulnerabilityEPSS 0.5%CVE-2026-53872HIGHpicklescan - Arbitrary File Read via Unsafe Pickle DeserializationEPSS 0.5%CVE-2026-30283CRITICALAn arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical inEPSS 0.5%CVE-2025-62254MEDIUMThe ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 202EPSS 0.5%CVE-2025-6265HIGHA path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10(ACGE.2) and earlier could allowEPSS 0.5%CVE-2024-3484MEDIUMPath Traversal vulnerability found in iManagerEPSS 0.5%CVE-2025-10766MEDIUMSeriaWei ZKEACMS EventViewerController.cs Download path traversalEPSS 0.5%CVE-2024-11219MEDIUMOtter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.6 - Unauthetnicated Path Traversal to Arbitrary Image ViewEPSS 0.5%CVE-2023-46205HIGHWordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 - Local File Inclusion vulnerabilityEPSS 0.5%CVE-2026-49766CRITICALWordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerabilityEPSS 0.5%CVE-2025-49830HIGHConjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to path traversal and file disclosureEPSS 0.5%CVE-2022-41591HIGHThe backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other systEPSS 0.5%