Weaknesses of type CWE-22
4,653 results

CVE-2023-47246 | CRITICAL | EPSS 98.9% | KEV
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat we

CVE-2019-5418 | HIGH | EPSS 98.5% | KEV
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accep

CVE-2024-8963 | CRITICAL | EPSS 98.4% | KEV
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

CVE-2022-27925 | HIGH | EPSS 98.2% | KEV
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authen

CVE-2024-41713 | CRITICAL | EPSS 98.1% | KEV
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenti

CVE-2020-11738 | HIGH | EPSS 97.8% | KEV
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the f

CVE-2025-61884 | HIGH | EPSS 97.6% | KEV
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected a

CVE-2025-34028 | CRITICAL | EPSS 97.2% | KEV
Commvault Command Center Innovation Release <= 11.38.25 Unauthenticated Install Package Path Traversal

CVE-2019-3398 | HIGH | EPSS 97.2% | KEV
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permi

CVE-2021-41277 | CRITICAL | EPSS 96.9% | KEV
GeoJSON URL validation can expose server files and environment variables to unauthorized users

CVE-2021-40444 | HIGH | EPSS 96.8% | KEV
Microsoft MSHTML Remote Code Execution Vulnerability

CVE-2020-3187 | CRITICAL | EPSS 96.6%
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability

CVE-2018-14847 | CRITICAL | EPSS 96.1% | KEV
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write a

CVE-2019-20085 | HIGH | EPSS 96.1% | KEV
TVT NVMS-1000 devices allow GET /.. Directory Traversal

CVE-2016-0752 | HIGH | EPSS 95.5% | KEV
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, an

CVE-2022-41352 | CRITICAL | EPSS 95.5% | KEV
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio looph

CVE-2024-57727 | CRITICAL | EPSS 95.1% | KEV
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated re

CVE-2017-12637 | HIGH | EPSS 94.6% | KEV
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows

CVE-2024-9047 | CRITICAL | EPSS 92.3%
WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php

CVE-2024-7399 | HIGH | EPSS 91.9% | KEV
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attack