CWE-22 (Improper Limitation of a Pathname (Path Traversal)) — Vulnerability Class 3346

3346 vulnerabilities classified as CWE-22 (Improper Limitation of a Pathname (Path Traversal)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7272 | WilliamCloudQi matlab-mcp-server MCP index.ts execute_matlab_code path traversal — matlab-mcp-server | 7.3 | High | 2026-04-28 |
| CVE-2026-7271 | DV0x creative-ad-agent creative-ad-agent-server sdk-server.ts path traversal — creative-ad-agent | 5.3 | Medium | 2026-04-28 |
| CVE-2026-7237 | AgiFlow scaffold-mcp write-to-file Tool index.ts path traversal — scaffold-mcp | 7.3 | High | 2026-04-28 |
| CVE-2026-7235 | ErlichLiu claude-agent-sdk-master route.ts path traversal — claude-agent-sdk-master | 5.3 | Medium | 2026-04-28 |
| CVE-2026-7234 | BrowserOperator browser-operator-core server.js startsWith path traversal — browser-operator-core | 7.3 | High | 2026-04-28 |
| CVE-2026-7216 | donchelo processing-claude-mcp-bridge create_sketch Tool processing_server.py path traversal — processing-claude-mcp-bridge | 7.3 | High | 2026-04-28 |
| CVE-2026-7214 | eghuzefa engineer-your-data server.py file_inf path traversal — engineer-your-data | 7.3 | High | 2026-04-28 |
| CVE-2026-7213 | ef10007 MLOps_MCP save_file Tool fastmcp_server.py path traversal — MLOps_MCP | 7.3 | High | 2026-04-28 |
| CVE-2026-7212 | edvardlindelof notes-mcp notes_mcp.py path traversal — notes-mcp | 7.3 | High | 2026-04-28 |
| CVE-2026-7205 | duartium papers-mcp-server main.py search_papers path traversal — papers-mcp-server | 7.3 | High | 2026-04-28 |
| CVE-2026-41370 | OpenClaw < 2026.3.31 - Path Traversal via Inbound Channel Attachment Path in ACP Dispatch — OpenClaw | 6.5 | Medium | 2026-04-27 |
| CVE-2026-41363 | OpenClaw 2026.2.6 < 2026.3.28 - Arbitrary File Read via Feishu upload_image Parameter — OpenClaw | 5.3 | Medium | 2026-04-27 |
| CVE-2026-7179 | OSPG binwalk WinCE Extraction Plugin winceextract.py read_null_terminated_string path traversal — binwalk | 5.3 | Medium | 2026-04-27 |
| CVE-2026-7159 | douinc mkdocs-mcp-plugin server.py list_documents path traversal — mkdocs-mcp-plugin | 7.3 | High | 2026-04-27 |
| CVE-2026-3087 | shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs — CPython | 6.2 AI | Medium AI | 2026-04-27 |
| CVE-2026-7149 | dexhunter kaggle-mcp server.py prepare_kaggle_dataset path traversal — kaggle-mcp | 7.3 | High | 2026-04-27 |
| CVE-2026-41465 | ProjeQtor < 12.4.4 Path Traversal via dynamicDialog.php — ProjeQtor | 6.5 | Medium | 2026-04-27 |
| CVE-2026-41463 | ProjeQtor < 12.4.4 ZipSlip Path Traversal via uploadPlugin.php — ProjeQtor | 8.8 | High | 2026-04-27 |
| CVE-2026-7132 | code-projects Online Lot Reservation System download.php readfile path traversal — Online Lot Reservation System | 5.3 | Medium | 2026-04-27 |
| CVE-2026-7086 | HBAI-Ltd Toonflow-app Storyboard Export replaceUrl.ts updateStoryboardUrl path traversal — Toonflow-app | 4.3 | Medium | 2026-04-27 |
| CVE-2026-7085 | HBAI-Ltd Toonflow-app downloadApp Endpoint downloadApp.ts z.url path traversal — Toonflow-app | 5.0 | Medium | 2026-04-27 |
| CVE-2026-7059 | 666ghj MiroFish Query Parameter simulation.py get_simulation_posts path traversal — MiroFish | 5.3 | Medium | 2026-04-26 |
| CVE-2026-7036 | Tenda i9 HTTP R7WebsSecurityHandlerfunction path traversal — i9 | 7.3 | High | 2026-04-26 |
| CVE-2026-7024 | rawchen sims deleteFileServlet Endpoint DeleteFileServlet.java path traversal — sims | 5.4 | Medium | 2026-04-26 |
| CVE-2026-7020 | Ollama Tensor Model Transfer transfer.go digestToPath path traversal — Ollama | 5.6 | Medium | 2026-04-26 |
| CVE-2026-6968 | Multiple Path Traversal Variants in awslabs/tough — tough | 5.9 | Medium | 2026-04-24 |
| CVE-2026-41433 | OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR — opentelemetry-ebpf-instrumentation | 8.4 | High | 2026-04-24 |
| CVE-2026-41894 | SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint — siyuan | 6.5 AI | Medium AI | 2026-04-24 |
| CVE-2026-41419 | 4ga Boards: Import Path Traversal Leads to Arbitrary File Read — 4gaBoards | 7.6 | High | 2026-04-24 |
| CVE-2026-41140 | Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 — poetry | 9.1 | - | 2026-04-24 |

Vulnerabilities classified as CWE-22 (Improper Limitation of a Pathname (Path Traversal)) represent 3346 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.