Weaknesses of type CWE-22
4,852 resultsCVE-2026-9145MEDIUMDatabase for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload via Elementor Pro Form Upload Field 'raw_value'EPSS 0.4%CVE-2026-27522HIGHOpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message ActionsEPSS 0.4%CVE-2026-12211MEDIUMIntelbras iNVU 7016 FT Web syslog path traversalEPSS 0.4%CVE-2026-10213MEDIUMAstrBotDevs AstrBot API Endpoint delete path traversalEPSS 0.4%CVE-2026-45556CRITICALRoxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`EPSS 0.4%CVE-2026-59510HIGHAuthenticated Path Traversal in AIL Framework PDF Object Handling Enables Potential Arbitrary File ReadEPSS 0.4%CVE-2025-69379HIGHWordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2025-68907HIGHWordPress Hostme v2 theme <= 7.0 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2026-31913HIGHWordPress Scape theme < 1.5.16 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2026-32522HIGHWordPress WooCommerce Support Ticket System plugin < 18.5 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2025-41396MEDIUMA path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product usEPSS 0.4%CVE-2026-41383MEDIUMOpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode PathsEPSS 0.4%CVE-2026-39844MEDIUMNiceGUI has a Path Traversal in NiceGUI Upload Filename on Windows via Backslash Bypass of PurePosixPath SanitizationEPSS 0.4%CVE-2025-7039LOWGlib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file()EPSS 0.4%CVE-2026-24137MEDIUMsigstore legacy TUF client allows for arbitrary file writes with target cache path traversalEPSS 0.4%CVE-2025-64074MEDIUMA path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to EPSS 0.4%CVE-2025-46559MEDIUMMisskey Directory Traversal Vulnerability in AiScript via `Mk:api`EPSS 0.4%CVE-2024-55659HIGHSiYuan has an arbitrary file write in the host via /api/asset/uploadEPSS 0.4%CVE-2026-24953MEDIUMWordPress Simple File List plugin <= 6.1.15 - Arbitrary File Download vulnerabilityEPSS 0.4%CVE-2025-65952HIGHConsole is vulnerable to path traversal regarding custom assetsEPSS 0.4%