Weaknesses of type CWE-22
4,747 resultsCVE-2024-31851HIGHA path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which coulEPSS 2.9%CVE-2020-27859HIGHThis vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. AuthenticEPSS 2.9%CVE-2024-39903HIGHLocal File Inclusion in SolaraEPSS 2.9%CVE-2018-0405—Cisco RV180W Wireless-N Multifunction VPN Router Directory Path Traversal VulnerabilityEPSS 2.9%CVE-2020-26285HIGHWidget instances allows a hacker to inject an executable file on the server on OpenMageEPSS 2.9%CVE-2022-24830MEDIUMPath Traversal in OpenClinicaEPSS 2.9%CVE-2023-39460HIGHTriangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation VulnerabilityEPSS 2.9%CVE-2024-24999HIGHA Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitraryEPSS 2.9%CVE-2021-24962—WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCEEPSS 2.8%CVE-2019-5423—Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a rEPSS 2.8%CVE-2026-34414HIGHXerte Online Toolkits Path Traversal via connector.phpEPSS 2.8%CVE-2022-2119HIGHOFFIS DCMTK Path TraversalEPSS 2.8%CVE-2021-21904CRITICALA directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker EPSS 2.8%CVE-2020-3177HIGHCisco Unified Communications Manager Path Traversal VulnerabilityEPSS 2.8%CVE-2017-3188—The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversalEPSS 2.8%CVE-2017-20184HIGHCarlo Gavazzi Powersoft prone to Path TraversalEPSS 2.8%CVE-2019-5624HIGHRapid7 Metasploit Framework Zip Import Directory TraversalEPSS 2.8%CVE-2024-13158HIGHAn unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allowEPSS 2.8%CVE-2021-27471HIGHRockwell Automation Connected Components Workbench Path TraversalEPSS 2.7%CVE-2019-10182HIGHIt was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could tEPSS 2.7%