Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-22 (对路径名的限制不恰当(路径遍历)) — Vulnerability Class 3346

3346 vulnerabilities classified as CWE-22 (对路径名的限制不恰当(路径遍历)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-23889 pnpm has Windows-specific tarball Path Traversal — pnpm 6.5 Medium2026-01-26
CVE-2026-23888 pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip) — pnpm 6.5 Medium2026-01-26
CVE-2026-24469 C++ HTTP Server has Critical Path Traversal Vulnerability in RequestHandler Allowing Arbitrary File Read — http-server 7.5 High2026-01-24
CVE-2025-11002 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability — 7-Zip 8.8 -2026-01-23
CVE-2026-24137 sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal — sigstore 5.8 Medium2026-01-23
CVE-2026-21227 Azure Logic Apps Elevation of Privilege Vulnerability — Azure Logic Apps 8.2 High2026-01-22
CVE-2026-23954 Incus container image templating arbitrary host file read and write — incus 8.7 High2026-01-22
CVE-2023-7335 EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics — EduSoho 7.5AIHighAI2026-01-22
CVE-2025-69097 WordPress WPLMS plugin <= 1.9.9.5.4 - Arbitrary File Deletion vulnerability — WPLMS 8.6 High2026-01-22
CVE-2025-69055 WordPress BM Content Builder plugin < 3.16.3.3 - Arbitrary File Download vulnerability — BM Content Builder 6.5 Medium2026-01-22
CVE-2025-68912 WordPress HDForms plugin <= 1.6.1 - Arbitrary File Deletion vulnerability — HDForms 8.6 High2026-01-22
CVE-2025-68907 WordPress Hostme v2 theme <= 7.0 - Arbitrary File Deletion vulnerability — Hostme v2 7.5 High2026-01-22
CVE-2025-68902 WordPress Anona theme <= 8.0 - Arbitrary File Download vulnerability — Anona 7.5 High2026-01-22
CVE-2025-68901 WordPress Anona theme <= 8.0 - Arbitrary File Deletion vulnerability — Anona 8.6 High2026-01-22
CVE-2025-67963 WordPress Movie Booking plugin <= 1.1.5 - Arbitrary File Deletion vulnerability — Movie Booking 8.6 High2026-01-22
CVE-2025-67684 Remote Code Execution via Local File Inclusion in Quick.Cart — Quick.Cart 7.2AIHighAI2026-01-22
CVE-2026-24049 wheel Allows Arbitrary File Permission Modification via Path Traversal — wheel 7.1 High2026-01-22
CVE-2026-24046 Backstage has a Possible Symlink Path Traversal in Scaffolder Actions — backstage 7.1 High2026-01-21
CVE-2021-47849 Mini Mouse 9.3.0 - Local File inclusion / Path Traversal — Mini Mouse 6.2 Medium2026-01-21
CVE-2021-47850 Mini Mouse 9.2.0 - Path Traversal — Mini Mouse 7.5 High2026-01-21
CVE-2026-23949 jaraco.context Has a Path Traversal Vulnerability — jaraco.context 8.6 High2026-01-20
CVE-2026-22218 Chainlit < 2.9.4 Arbitrary File Read via /project/element — Chainlit 6.5AIMediumAI2026-01-19
CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality — siyuan 8.1AIHighAI2026-01-19
CVE-2026-23850 SiYuan vulnerable to arbitrary file read — siyuan 6.5AIMediumAI2026-01-19
CVE-2026-23644 esm.sh has path traversal in `extractPackageTarball` that enables file writes from malicious packages — esm.sh 7.1 -2026-01-18
CVE-2026-1111 Sanluan PublicCMS Task Template Management TaskTemplateAdminController.java save path traversal — PublicCMS 4.7 Medium2026-01-18
CVE-2025-13725 Gutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter — Thim Blocks 6.5 Medium2026-01-17
CVE-2025-12002 Feeds for YouTube Pro <= 2.6.0 - Unauthenticated Arbitrary File Read via Path Traversal — YouTube Feed Pro 5.9 Medium2026-01-17
CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization — node-tar 9.1 -2026-01-16
CVE-2026-23535 wlc Path traversal: Unsanitized API slugs in download command — wlc 8.1 High2026-01-16

Vulnerabilities classified as CWE-22 (对路径名的限制不恰当(路径遍历)) represent 3346 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.