Fallos del tipo CWE-22
4854 resultadosCVE-2026-24046HIGHBackstage has a Possible Symlink Path Traversal in Scaffolder ActionsEPSS 0.5%CVE-2026-44017HIGHDocling: Unsafe Zip Extraction in EasyOCR Model DownloadEPSS 0.5%CVE-2026-11414CRITICALUnauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-coded Cryptographic Key and Path TraversalEPSS 0.5%CVE-2023-38012MEDIUMIBM Cloud Pak System directory traversalEPSS 0.5%CVE-2024-45312MEDIUMArbitrary language parameter can passed to `aspell` executable via spelling requests in overleafEPSS 0.5%CVE-2025-2032MEDIUMChestnutCMS rename renameFile path traversalEPSS 0.5%CVE-2024-37372LOWThe Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not alwEPSS 0.5%CVE-2025-31493MEDIUMPath traversal of collection names during file system lookupEPSS 0.5%CVE-2026-32709MEDIUMPX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)EPSS 0.5%CVE-2024-7248HIGHComodo Internet Security Pro Directory Traversal Local Privilege Escalation VulnerabilityEPSS 0.5%CVE-2026-23644HIGHesm.sh has path traversal in `extractPackageTarball` that enables file writes from malicious packagesEPSS 0.5%CVE-2025-28955HIGHWordPress Easy Video Player Wordpress & WooCommerce plugin <= 10.0 - Arbitrary File Download VulnerabilityEPSS 0.5%CVE-2026-6832HIGHNesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_idEPSS 0.5%CVE-2025-64433MEDIUMKubeVirt Arbitrary Container File ReadEPSS 0.5%CVE-2023-46237MEDIUMFOG path traversal via unauthenticated endpointEPSS 0.5%CVE-2024-10313HIGHiniNet Solutions SpiderControl SCADA PC HMI Editor Path TraversalEPSS 0.5%CVE-2025-30207LOWKirby vulnerable to path traversal in the router for PHP's built-in serverEPSS 0.5%CVE-2026-45727HIGHCloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletionEPSS 0.5%CVE-2025-43537LOWA path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2.EPSS 0.5%CVE-2025-31070HIGHWordPress HTML5 Radio Player - WPBakery Page Builder Addon plugin <= 2.5 - Arbitrary File Download vulnerabilityEPSS 0.5%