CWE-22 (对路径名的限制不恰当(路径遍历)) — Vulnerability Class 3331

3331 vulnerabilities classified as CWE-22 (对路径名的限制不恰当(路径遍历)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-34395	Barracuda RMM < 2025.1.1 Service Center .NET Remoting Path Traversal RCE — RMM	9.1^AI	Critical^AI	2025-12-10
CVE-2025-8110	File overwrite in file update API in Gogs — Gogs	7.8^AI	High^AI	2025-12-10
CVE-2025-13339	Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read — Hippoo Mobile App for WooCommerce	7.5	High	2025-12-10
CVE-2025-13677	Simple Download Counter <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal — Simple Download Counter	4.9	Medium	2025-12-10
CVE-2025-67506	PipesHub Vulnerable to Path Traversal through Unauthenticated Arbitrary File Upload — pipeshub-ai	9.8	Critical	2025-12-10
CVE-2025-61811	ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) — ColdFusion	9.1	Critical	2025-12-09
CVE-2025-66645	NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading — nicegui	7.5	High	2025-12-09
CVE-2023-53772	MiniDVBLinux 5.4 Arbitrary File Read Vulnerability via About Page — MiniDVBLinux	6.5^AI	Medium^AI	2025-12-09
CVE-2021-47724	STVS ProVision Authenticated File Disclosure via archive.rb — STVS ProVision	6.5^AI	Medium^AI	2025-12-09
CVE-2025-67488	SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE — siyuan	7.8	High	2025-12-09
CVE-2025-11531	HP System Event Utility and Omen Gaming Hub – Potential Arbitrary Code Execution — HP System Event Utility	8.4^AI	High^AI	2025-12-09
CVE-2025-60024	Fortinet FortiVoice 路径遍历漏洞 — FortiVoice	7.7	High	2025-12-09
CVE-2025-13661	Ivanti Endpoint Manager 路径遍历漏洞 — Endpoint Manager	7.1	High	2025-12-09
CVE-2025-14311	JMRI 安全漏洞 — JMRI	6.5^AI	Medium^AI	2025-12-09
CVE-2025-14306	Directory Traversal in Robocode's CacheCleaner Component — Robocode	9.1^AI	Critical^AI	2025-12-09
CVE-2025-14224	Yottamaster DM2/DM3/DM200 File Upload path traversal — DM2	4.3	Medium	2025-12-08
CVE-2025-14220	ORICO CD3510 File Upload path traversal — CD3510	4.3	Medium	2025-12-08
CVE-2025-14182	Sobey Media Convergence System upload path traversal — Media Convergence System	6.3	Medium	2025-12-07
CVE-2025-13377	10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache — 10Web Booster – Website speed optimization, Cache & Page Speed optimizer	9.6	Critical	2025-12-06
CVE-2025-14111	Rarlab RAR App com.rarlab.rar path traversal — RAR App	5.0	Medium	2025-12-05
CVE-2025-54160	Synology BeeDrive 路径遍历漏洞 — BeeDrive for desktop	7.8	High	2025-12-04
CVE-2025-29846	Synology Router Manager 路径遍历漏洞 — Synology Router Manager (SRM)	7.2	High	2025-12-04
CVE-2025-29845	Synology Router Manager 路径遍历漏洞 — Synology Router Manager (SRM)	4.3	Medium	2025-12-04
CVE-2025-29844	Synology Router Manager 路径遍历漏洞 — Synology Router Manager (SRM)	4.3	Medium	2025-12-04
CVE-2025-29843	Synology Router Manager 路径遍历漏洞 — Synology Router Manager (SRM)	5.4	Medium	2025-12-04
CVE-2025-13645	Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion — Image Gallery – Photo Grid & Video Gallery	7.2	High	2025-12-03
CVE-2025-13876	Rareprob HD Video Player All Formats App com.rocks.music.videoplayer path traversal — HD Video Player All Formats App	5.3	Medium	2025-12-02
CVE-2025-13875	Yohann0617 oci-helper OCI Configuration Upload OciServiceImpl.java addCfg path traversal — oci-helper	6.3	Medium	2025-12-02
CVE-2025-13879	Directory traversal vulnerability in EfficientIP's SOLIDserver IPAM — SOLIDserver IPAM	4.9^AI	Medium^AI	2025-12-02
CVE-2025-66410	Gin-vue-admin has an arbitrary file deletion vulnerability — gin-vue-admin	9.1^AI	Critical^AI	2025-12-01

Vulnerabilities classified as CWE-22 (对路径名的限制不恰当(路径遍历)) represent 3331 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-22 (对路径名的限制不恰当(路径遍历)) — Vulnerability Class 3331