Fallos del tipo CWE-22

4856 resultados
CVE-2025-3547MEDIUMfrdel Agent-Zero get_work_dir_files path traversalEPSS 0.4%CVE-2025-4530MEDIUMfeng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversalEPSS 0.4%CVE-2020-12499HIGHPHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability.EPSS 0.4%CVE-2025-42906MEDIUMDirectory Traversal vulnerability in SAP Commerce CloudEPSS 0.4%CVE-2023-38176HIGHAzure Arc-Enabled Servers Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2025-27299MEDIUMWordPress MyTicket Events plugin <= 1.2.4 - Non-Arbitrary File Read vulnerabilityEPSS 0.4%CVE-2026-30893CRITICALWazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peerEPSS 0.4%CVE-2024-53844MEDIUMImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddiEPSS 0.4%CVE-2026-24488MEDIUMOpenEMR Vulnerable to Arbitrary File Exfiltration via Fax EndpointEPSS 0.4%CVE-2026-47277MEDIUMRuntipi: Unauthenticated arbitrary file read through app-store logo symlinksEPSS 0.4%CVE-2026-32733HIGHHalloy has a file transfer path traveral vulnerabilityEPSS 0.4%CVE-2025-6020HIGHLinux-pam: linux-pam directory traversalEPSS 0.4%CVE-2025-60024HIGHMultiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] vulnerability in Fortinet EPSS 0.4%CVE-2026-41863MEDIUMLLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills APIEPSS 0.4%CVE-2025-5385MEDIUMJeeWMS cgformTemplateController.do doAdd path traversalEPSS 0.4%CVE-2022-46305MEDIUMChangingTec ServiSign - Path TraversalEPSS 0.4%CVE-2026-3474MEDIUMEmailKit <= 1.6.3 - Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API ParameterEPSS 0.4%CVE-2021-47979HIGHWordPress Plugin Backup and Restore 1.0.3 Arbitrary File DeletionEPSS 0.4%CVE-2025-66300HIGHGrav is vulnerable to Arbitrary File ReadEPSS 0.4%CVE-2026-33027MEDIUMNginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration DirectoryEPSS 0.4%