Falhas do tipo CWE-22

4.846 resultados
CVE-2024-38772MEDIUMWordPress JetWidgets for Elementor and WooCommerce plugin <= 1.1.7 - Contributor+ Limited Local File Inclusion vulnerabilityEPSS 0.5%CVE-2026-33747HIGHBuildKit vulnerable to malicious frontend causing file escape outside of storage rootEPSS 0.5%CVE-2024-38715MEDIUMWordPress ExS Widgets plugin <= 0.3.1 - Local File Inclusion vulnerabilityEPSS 0.5%CVE-2025-61624MEDIUMAn Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7EPSS 0.5%CVE-2025-41755MEDIUMArbitrary Read with ubr-logreadEPSS 0.5%CVE-2026-2421MEDIUMilGhera Carta Docente for WooCommerce <= 1.5.0 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' ParameterEPSS 0.5%CVE-2024-36267HIGHPath traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. If this vulnerability is exploited, a logged-in user mayEPSS 0.5%CVE-2026-41552CRITICALPath Traversal in PDF Export ModuleEPSS 0.5%CVE-2023-47679MEDIUMWordPress Qi Addons For Elementor plugin <= 1.6.3 - Local File Inclusion vulnerabilityEPSS 0.5%CVE-2024-11833HIGHArbitrary Directory Write via Runbooks Artifact UploadEPSS 0.5%CVE-2024-11834HIGHArbitrary File Write via PTRAC ImportEPSS 0.5%CVE-2026-49982HIGHtmp: Type-confusion bypass of _assertPath in tmp@0.2.6 allows path traversal via non-string prefix/postfix/templateEPSS 0.5%CVE-2024-39651HIGHWordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Arbitrary File Deletion vulnerabilityEPSS 0.5%CVE-2025-27932HIGHImproper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage EPSS 0.5%CVE-2022-46492MEDIUMnbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/EPSS 0.5%CVE-2025-9217MEDIUMSlider Revolution <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images'EPSS 0.5%CVE-2023-49788HIGHImproper handling of browser-side provided input in richdocuments path handlingEPSS 0.5%CVE-2026-49465MEDIUMn8n: Git Node Clone and Push Operations Bypass File SandboxEPSS 0.5%CVE-2026-41951HIGHPath traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the serveEPSS 0.5%CVE-2026-41612MEDIUMVisual Studio Code Information Disclosure VulnerabilityEPSS 0.5%