Weaknesses of type CWE-22
4,779 resultsCVE-2022-47526CRITICALFox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote aEPSS 1.3%CVE-2010-10011MEDIUMAcritum Femitter Server path traversalEPSS 1.3%CVE-2023-28465HIGHThe package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to cerEPSS 1.3%CVE-2025-34110CRITICALColoradoFTP Server <= 1.3 Build 8 Path Traversal Information DisclosureEPSS 1.3%CVE-2022-29834HIGHImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitsubishi Electric GENESIS64 versions 10.97EPSS 1.3%CVE-2025-27782HIGHApplio allows arbitrary file write in inference.pyEPSS 1.3%CVE-2022-45866MEDIUMqpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversaEPSS 1.3%CVE-2021-24689—Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File ReadEPSS 1.3%CVE-2024-50509HIGHWordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Deletion vulnerabilityEPSS 1.3%CVE-2018-16478—A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root.EPSS 1.3%CVE-2022-2557—WordPress Team Members Showcase < 4.1.2 - Subscriber+ Arbitrary File Read and DeletionEPSS 1.3%CVE-2021-22704—A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo DesigEPSS 1.3%CVE-2023-27507CRITICALMicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save oEPSS 1.3%CVE-2021-32662MEDIUMTechDocs mkdocs.yml path traversalEPSS 1.3%CVE-2024-29672HIGHDirectory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a remote attacker to execute arbitrary code via the DEBUG_RTC_REQEPSS 1.3%CVE-2023-26687HIGHDirectory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_dataEPSS 1.3%CVE-2022-2943MEDIUMWordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File ReadEPSS 1.3%CVE-2026-39352HIGHFrappe has an Arbitrary File Read via Path Traversal in render_includeEPSS 1.3%CVE-2025-24406HIGHAdobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)EPSS 1.3%CVE-2023-34409CRITICALIn Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalizeEPSS 1.3%