Weaknesses of type CWE-22

4,853 results
CVE-2026-7676MEDIUMkerwincui FastBee Tool Download Endpoint ToolController.java ToolController.download path traversalEPSS 0.4%CVE-2026-6590MEDIUMComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversalEPSS 0.4%CVE-2026-6487MEDIUMQihui jtbc5 CMS Code Endpoint manage.php path traversalEPSS 0.4%CVE-2025-7450MEDIUMletseeqiji gorobbs API user.go ResetUserAvatar path traversalEPSS 0.4%CVE-2026-32496MEDIUMWordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerabilityEPSS 0.4%CVE-2026-32007HIGHOpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check BypassEPSS 0.4%CVE-2026-15326MEDIUMhalo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversalEPSS 0.4%CVE-2024-26292HIGHAuthenticated Arbitrary File Deletion affecting Avid NEXISEPSS 0.4%CVE-2026-23942MEDIUMSFTP root escape via component-agnostic prefix check in ssh_sftpdEPSS 0.4%CVE-2024-46327MEDIUMAn issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal.EPSS 0.4%CVE-2026-30282CRITICALAn arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internalEPSS 0.4%CVE-2022-4773LOWcloudsync LocalFilesystemConnector.java getItem path traversalEPSS 0.4%CVE-2025-4419MEDIUMHot Random Image <= 1.9.2 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path ParameterEPSS 0.4%CVE-2026-22661HIGHprompts.chat Path Traversal via Skill File HandlingEPSS 0.4%CVE-2026-44440MEDIUMERPNext: Path Traversal Leading to Sensitive File ExposureEPSS 0.4%CVE-2026-44593HIGHesm.sh: Legacy Route Path Traversal Can Lead to RCEEPSS 0.4%CVE-2025-11034MEDIUMDibo Data Decision Making System common_dep.action.jsp downloadImpTemplet path traversalEPSS 0.4%CVE-2026-4741HIGHPath Traversal Vulnerability in TeamJCD/JoyConDroidEPSS 0.4%CVE-2026-49061HIGHWordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerabilityEPSS 0.4%CVE-2026-44635HIGHKysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`EPSS 0.4%