CWE-22 (Improper Limitation of a Pathname (Path Traversal)) — Vulnerability Class 3336

3336 vulnerabilities classified as CWE-22 (Improper Limitation of a Pathname (Path Traversal)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-6210 | Hardlink-Based Path Traversal in run-llama/llama_index — run-llama/llama_index | 7.5 | - | 2025-07-07 |
| CVE-2025-3046 | Path Traversal via Symbolic Links in run-llama/llama_index — run-llama/llama_index | 5.3 | - | 2025-07-07 |
| CVE-2025-7108 | risesoft-y9 Digital-Infrastructure Y9FileController.java deleteFile path traversal — Digital-Infrastructure | 5.4 | Medium | 2025-07-07 |
| CVE-2025-7107 | SimStudioAI sim route.ts handleLocalFile path traversal — sim | 5.3 | Medium | 2025-07-07 |
| CVE-2025-7098 | Comodo Internet Security Premium File Name path traversal — Internet Security Premium | 5.6 | Medium | 2025-07-06 |
| CVE-2025-28980 | WordPress Aviation Weather from NOAA plugin <= 0.7.2 - Arbitrary File Deletion Vulnerability — Aviation Weather from NOAA | 7.7 | High | 2025-07-04 |
| CVE-2025-49303 | WordPress Frontend Admin by DynamiApps plugin <= 3.28.7 - Arbitrary File Download Vulnerability — Frontend Admin by DynamiApps | 6.8 | Medium | 2025-07-04 |
| CVE-2025-2932 | JKDEVKIT <= 1.9.4 - Authenticated (Subscriber+) Arbitrary File Deletion — JKDEVKIT | 8.8 | High | 2025-07-03 |
| CVE-2025-34076 | Microweber CMS Authenticated Local File Inclusion via Backup API — CMS | 8.1 (AI) | High (AI) | 2025-07-02 |
| CVE-2025-53358 | kotaemon Vulnerable to Path Traversal via Link Upload — kotaemon | 6.5 | Medium | 2025-07-02 |
| CVE-2025-53110 | Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix — servers | 7.5 (AI) | High (AI) | 2025-07-02 |
| CVE-2025-4946 | Vikinger <= 1.9.32 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activity_media_ajax Function — Vikinger | 8.1 | High | 2025-07-02 |
| CVE-2025-27022 | Path Traversal Vulnerability in Infinera G42 — G42 | 7.5 | High | 2025-07-02 |
| CVE-2025-5014 | Home Villas \| Real Estate WordPress Theme <= 2.8 - Authenticated (Subscriber+) Arbitrary File Deletion — Home Villas \| Real Estate WordPress Theme | 8.8 | High | 2025-07-02 |
| CVE-2025-6925 | Dromara RuoYi-Vue-Plus Mail MailController.java path traversal — RuoYi-Vue-Plus | 5.3 | Medium | 2025-06-30 |
| CVE-2025-6866 | code-projects Simple Forum forum_downloadfile.php path traversal — Simple Forum | 4.3 | Medium | 2025-06-29 |
| CVE-2025-6855 | chatchat-space Langchain-Chatchat file path traversal — Langchain-Chatchat | 5.5 | Medium | 2025-06-29 |
| CVE-2025-6854 | chatchat-space Langchain-Chatchat files path traversal — Langchain-Chatchat | 4.3 | Medium | 2025-06-29 |
| CVE-2025-6853 | chatchat-space Langchain-Chatchat Backend upload_temp_docs path traversal — Langchain-Chatchat | 6.3 | Medium | 2025-06-29 |
| CVE-2025-6755 | Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter — Game Users Share Buttons | 8.8 | High | 2025-06-28 |
| CVE-2025-6379 | BeeTeam368 Extensions Pro <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion — BeeTeam368 Extensions Pro | 8.8 | High | 2025-06-28 |
| CVE-2025-6776 | xiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversal — openvpn-cms-flask | 7.3 | High | 2025-06-27 |
| CVE-2025-6774 | gooaclok819 sublinkX template.go AddTemp path traversal — sublinkX | 6.3 | Medium | 2025-06-27 |
| CVE-2025-6773 | HKUDS LightRAG File Upload document_routes.py upload_to_input_dir path traversal — LightRAG | 5.3 | Medium | 2025-06-27 |
| CVE-2025-6772 | eosphoros-ai db-gpt import import_flow path traversal — db-gpt | 7.3 | High | 2025-06-27 |
| CVE-2025-53298 | WordPress Plugin Inspector plugin <= 1.5 - Arbitrary File Download Vulnerability — Plugin Inspector | 4.9 | Medium | 2025-06-27 |
| CVE-2025-24765 | WordPress Image Shadow plugin <= 1.1.0 - Arbitrary File Deletion Vulnerability — Image Shadow | 7.7 | High | 2025-06-27 |
| CVE-2025-49448 | WordPress FW Food Menu plugin <= 6.0.0 - Arbitrary File Deletion Vulnerability — FW Food Menu | 8.6 | High | 2025-06-27 |
| CVE-2025-6731 | yzcheng90 X-SpringBoot APK File apk uploadApk path traversal — X-SpringBoot | 6.3 | Medium | 2025-06-26 |
| CVE-2025-34047 | Leadsec VPN Path Traversal Arbitrary File Read — Leadsec SSL VPN | 7.5 (AI) | High (AI) | 2025-06-26 |

Vulnerabilities classified as CWE-22 (Improper Limitation of a Pathname (Path Traversal)) represent 3336 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.