Fallos del tipo CWE-22
4873 resultadosCVE-2025-29213MEDIUMA zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a EPSS 0.3%CVE-2026-6957HIGHPath traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.EPSS 0.3%CVE-2026-7807HIGHSmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} APIEPSS 0.3%CVE-2026-54468MEDIUMDell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remoteEPSS 0.3%CVE-2026-42679MEDIUMWordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerabilityEPSS 0.3%CVE-2026-14468HIGHPath traversal allows arbitrary file read in Terraform Enterprise containerEPSS 0.3%CVE-2026-48944MEDIUMJoomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26EPSS 0.3%CVE-2026-7445MEDIUMZachHandley ZMCPTools MCP Log Resource ResourceManager.ts path traversalEPSS 0.3%CVE-2026-6961HIGHCVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation syncEPSS 0.3%CVE-2026-41140LOWPoetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4EPSS 0.3%CVE-2024-9597HIGHPath Traversal in parisneo/lollmsEPSS 0.3%CVE-2024-12425LOWPath traversal leading to arbitrary .ttf file writeEPSS 0.3%CVE-2026-7728MEDIUMryanjoachim mcp-rtfm MCP update_doc path traversalEPSS 0.3%CVE-2026-7599MEDIUMDayoooun hwpx-mcp MCP index.ts export_to_html path traversalEPSS 0.3%CVE-2026-13509MEDIUMRAGapp Knowledge File files.py FileHandler.remove_file path traversalEPSS 0.3%CVE-2026-57321HIGHWordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vulnerabilityEPSS 0.3%CVE-2025-69267HIGHSpectrum directory path traversalEPSS 0.3%CVE-2025-61647LOWUserInfoCard: Don't allow access to information about users who are suppressed if you don't have suppressor rightsEPSS 0.3%CVE-2026-55092HIGHTrivy: Path traversal via a crafted vulnerability database or other downloaded artifactsEPSS 0.3%CVE-2026-54286MEDIUMHono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)EPSS 0.3%