Fallos del tipo CWE-22

4896 resultados
CVE-2022-28784MEDIUMPath traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as EPSS 0.1%CVE-2026-49356LOWBabel: Arbitrary File Read via sourceMappingURL Comment in @babel/coreEPSS 0.1%CVE-2026-45380LOWbit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`EPSS 0.1%CVE-2025-53594MEDIUMQfinder Pro, Qsync, QVPNEPSS 0.1%CVE-2025-48567HIGHIn multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrecEPSS 0.1%CVE-2023-21093HIGHIn extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a paEPSS 0.1%CVE-2026-41009MEDIUMLocal Blobstore may allow arbitrary reads/deletesEPSS 0.1%CVE-2023-35670HIGHIn computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a patEPSS 0.1%CVE-2024-47027HIGHIn sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. EPSS 0.1%CVE-2025-48550MEDIUMIn testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This coEPSS 0.1%CVE-2026-53766MEDIUMchrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing rootsEPSS 0.1%CVE-2025-48636HIGHIn openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. ThEPSS 0.1%CVE-2026-0055MEDIUMIn createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid dirEPSS 0.1%CVE-2025-9142HIGHLocal privilege escalation in Harmony SASE Windows AgentEPSS 0.1%CVE-2026-59733HIGHrclone `serve restic --private-repos` authorization bypass: `..` in the URL path lets an authenticated user read, overwrite and delete other users' repositoriesEPSS CVE-2026-47429CRITICALVitest: Arbitrary file can be read and executed when Vitest UI server is listeningEPSS CVE-2026-15392DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted locationEPSS CVE-2026-48319CRITICALColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)EPSS CVE-2026-9108MEDIUMStudio 5000 Logix Designer® – Multiple VulnerabilitiesEPSS CVE-2026-53486CRITICALdecompress: Archive extraction can create files and links outside the target directoryEPSS