Weaknesses of type CWE-73
466 resultsCVE-2026-46383MEDIUMMicrosoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`EPSS 0.6%CVE-2024-37295HIGHAimeos Core remote code execution in web server contextEPSS 0.6%CVE-2024-2150MEDIUMSourceCodester Insurance Management System file inclusionEPSS 0.6%CVE-2025-66292HIGHDPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interfaceEPSS 0.6%CVE-2024-10834CRITICALArbitrary File Write in eosphoros-ai/db-gptEPSS 0.6%CVE-2024-25975MEDIUMArbitrary File OverwriteEPSS 0.6%CVE-2026-40086MEDIUMRembg has a Path Traversal via Custom Model LoadingEPSS 0.6%CVE-2025-3419HIGHEvent Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File ReadEPSS 0.6%CVE-2025-9048HIGHWptobe-memberships <= 3.4.2 - Authenticated (Subscriber+) Arbitrary File DeletionEPSS 0.6%CVE-2025-8422HIGHPropovoice <= 1.7.6.7 - Unauthenticated Arbitrary File ReadEPSS 0.6%CVE-2026-9559CRITICALA path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign importsEPSS 0.6%CVE-2025-10058HIGHWP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Authenticated (Subscriber+) Arbitrary File DeletionEPSS 0.6%CVE-2025-0109MEDIUMPAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web InterfaceEPSS 0.6%CVE-2024-1603HIGHconfirmedEPSS 0.6%CVE-2026-35174CRITICALChyrp Lite has a Path Traversal to Remote Code ExecutionEPSS 0.6%CVE-2025-4602MEDIUMeMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File ReadEPSS 0.6%CVE-2026-40370HIGHSQL Server Remote Code Execution VulnerabilityEPSS 0.6%CVE-2025-68155HIGH@vitejs/plugin-rsc has Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint on DevelopmentEPSS 0.6%CVE-2025-13322HIGHWP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' ParameterEPSS 0.5%CVE-2022-42734HIGHA vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service usiEPSS 0.5%