Weaknesses of type CWE-22

4,790 results
CVE-2024-8865MEDIUMcomposiohq composio api.py path path traversalEPSS 0.9%CVE-2024-40628CRITICALArbitrary File Read in Ansible Playbooks in JumpserverEPSS 0.9%CVE-2025-3404HIGHDownload Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File DeletionEPSS 0.9%CVE-2024-39937HIGHsupOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files.EPSS 0.9%CVE-2022-24730HIGHPath traversal and improper access control allows leaking out-of-bound files from Argo CD repo-serverEPSS 0.9%CVE-2025-3300HIGHWPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and WriteEPSS 0.9%CVE-2022-44942HIGHCasdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.EPSS 0.9%CVE-2024-1558HIGHPath Traversal Vulnerability in mlflow/mlflowEPSS 0.9%CVE-2023-23872MEDIUMWordPress GMAce plugin <= 1.5.2 - Arbitrary File Download vulnerabilityEPSS 0.9%CVE-2022-40977HIGHPILZ: PASvisu and PMI affected by ZipSlipEPSS 0.9%CVE-2025-42946MEDIUMDirectory Traversal vulnerability in SAP S/4HANA (Bank Communication Management)EPSS 0.9%CVE-2023-25814HIGHArbitrary File Read Vulnerability in metersphereEPSS 0.9%CVE-2024-31487MEDIUMA improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4,EPSS 0.9%CVE-2025-62424MEDIUMClipBucket path traversal vulnerability in template editor allows arbitrary file read and writeEPSS 0.9%CVE-2022-42125HIGHZip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows atEPSS 0.9%CVE-2022-42123HIGHA Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7EPSS 0.9%CVE-2026-24478HIGHAnythingLLM vulnerable to Path TraversalEPSS 0.9%CVE-2024-1560HIGHPath Traversal Vulnerability in mlflow/mlflowEPSS 0.9%CVE-2025-28384CRITICALAn issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.EPSS 0.9%CVE-2025-70952HIGHpf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names cEPSS 0.9%