CWE-22 (Improper Limitation of a Pathname (Path Traversal)) — Vulnerability Class 3330

3330 vulnerabilities classified as CWE-22 (Improper Limitation of a Pathname (Path Traversal)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24049 | wheel Allows Arbitrary File Permission Modification via Path Traversal — wheel | 7.1 | High | 2026-01-22 |
| CVE-2026-24046 | Backstage has a Possible Symlink Path Traversal in Scaffolder Actions — backstage | 7.1 | High | 2026-01-21 |
| CVE-2021-47849 | Mini Mouse 9.3.0 - Local File inclusion / Path Traversal — Mini Mouse | 6.2 | Medium | 2026-01-21 |
| CVE-2021-47850 | Mini Mouse 9.2.0 - Path Traversal — Mini Mouse | 7.5 | High | 2026-01-21 |
| CVE-2026-23949 | jaraco.context Has a Path Traversal Vulnerability — jaraco.context | 8.6 | High | 2026-01-20 |
| CVE-2026-22218 | Chainlit < 2.9.4 Arbitrary File Read via /project/element — Chainlit | 6.5 AI | Medium AI | 2026-01-19 |
| CVE-2026-23851 | SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality — siyuan | 8.1 AI | High AI | 2026-01-19 |
| CVE-2026-23850 | SiYuan vulnerable to arbitrary file read — siyuan | 6.5 AI | Medium AI | 2026-01-19 |
| CVE-2026-23644 | esm.sh has path traversal in `extractPackageTarball` that enables file writes from malicious packages — esm.sh | 7.1 | - | 2026-01-18 |
| CVE-2026-1111 | Sanluan PublicCMS Task Template Management TaskTemplateAdminController.java save path traversal — PublicCMS | 4.7 | Medium | 2026-01-18 |
| CVE-2025-13725 | Gutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter — Thim Blocks | 6.5 | Medium | 2026-01-17 |
| CVE-2025-12002 | Feeds for YouTube Pro <= 2.6.0 - Unauthenticated Arbitrary File Read via Path Traversal — YouTube Feed Pro | 5.9 | Medium | 2026-01-17 |
| CVE-2026-23745 | node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization — node-tar | 9.1 | - | 2026-01-16 |
| CVE-2026-23535 | wlc Path traversal: Unsanitized API slugs in download command — wlc | 8.1 | High | 2026-01-16 |
| CVE-2026-22876 | TOA TRIFORA 3 Series Path Traversal Vulnerability — Multiple Network Cameras TRIFORA 3 series | 6.5 | - | 2026-01-16 |
| CVE-2021-47795 | GeoVision Geowebserver 5.3.3 - Local File Inclusion — GeoVision Geowebserver | 6.2 | Medium | 2026-01-15 |
| CVE-2026-22249 | Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip) — docmost | 7.1 | High | 2026-01-15 |
| CVE-2025-66292 | DPanel has an arbitrary file deletion vulnerability in /api/common/attach/delete interface — dpanel | 8.1 | High | 2026-01-15 |
| CVE-2021-47755 | Oliver Library Server v5 - Arbitrary File Download — Oliver Library Server | 7.5 | High | 2026-01-15 |
| CVE-2025-9142 | Local privilege escalation in Harmony SASE Windows Agent — Harmony SASE | 7.5 | High | 2026-01-14 |
| CVE-2025-15020 | Gotham Block Extra Light <= 1.5.0 - Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode — Gotham Block Extra Light | 6.5 | Medium | 2026-01-14 |
| CVE-2025-14301 | Integration Opvius AI for WooCommerce <= 1.3.0 - Unauthenticated Arbitrary File Deletion/Read via Path Traversal — Integration Opvius AI for WooCommerce | 9.8 | Critical | 2026-01-14 |
| CVE-2022-50939 | e107 CMS v3.2.1 - Upload Restriction Bypass with Path Traversal File Override — e107 CMS | 7.2 | High | 2026-01-13 |
| CVE-2022-50932 | Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated) — Kyocera Command Center RX | 7.5 | High | 2026-01-13 |
| CVE-2022-50890 | Owlfiles File Manager 12.0.1 - Path Traversal — Owlfiles File Manager | 7.5 | High | 2026-01-13 |
| CVE-2021-47751 | CuteEditor for PHP 6.6 - Directory Traversal — CuteEditor | 7.5 | High | 2026-01-13 |
| CVE-2021-47749 | YouPHPTube <= 7.8 - Directory Traversal — YouPHPTube | 5.5 | Medium | 2026-01-13 |
| CVE-2026-22871 | GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE — guarddog | 9.8 AI | Critical AI | 2026-01-13 |
| CVE-2025-58693 | Fortinet FortiVoice Path Traversal Vulnerability — FortiVoice | 5.7 | Medium | 2026-01-13 |
| CVE-2025-9435 | Path Traversal — ManageEngine ADManager Plus | 5.5 | Medium | 2026-01-13 |

Vulnerabilities classified as CWE-22 (Improper Limitation of a Pathname (Path Traversal)) represent 3330 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.