Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,152 vulnerabilities with CWE-22

CVE-2024-7741 MEDIUM

ltcms 1.0.20 - Path Traversal via API Endpoint

CVE-2024-7738 LOW

yzane vscode-markdown-pdf <1.5.0 - Path Traversal

CVE-2024-6618 HIGH

Ocean Data Systems Dream Report - Path Traversal

CVE-2024-43165 MEDIUM

Rashid87 WPSection <1.3.8 - Path Traversal

CVE-2024-43140 HIGH

G5Theme Ultimate Bootstrap Elements <1.4.4 - Path Traversal

CVE-2024-43138 MEDIUM

MagePeople Team Event Manager <4.2.1 - Path Traversal

CVE-2024-43135 HIGH

Themewinter WPCafe <2.2.28 - Path Traversal

CVE-2024-43129 MEDIUM

WPDeveloper BetterDocs <3.5.8 - Path Traversal

CVE-2024-39651 HIGH

WooCommerce PDF Vouchers < 4.9.5 - Unauthenticated Path Traversal and Arbitrary File Deletion

CVE-2024-41938 MEDIUM

SINEC NMS < 3.0 - Authenticated Path Traversal via ImportCertificate Function

CVE-2024-42474 MEDIUM

Streamlit < 1.37.0 - Path Traversal via Static File Sharing Feature

CVE-2024-42485 HIGH

Filament Excel <v2.3.3 - Path Traversal

CVE-2024-33535 HIGH

Zimbra Collaboration 9.0-10.0 < 10.0.8 - Unauthenticated Local File Inclusion via Packages Parameter

CVE-2024-7693 HIGH

raidenmaild < 5.0.2 - Unauthenticated Path Traversal

CVE-2024-7399 HIGH KEV

Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)

CVE-2024-6759 MEDIUM

FreeBSD < 13.0 - Path Traversal via NFS Filename Sanitization Bypass

CVE-2024-42469 CRITICAL

openHAB < 4.2.1 - Unauthenticated Path Traversal and Arbitrary File Write via CometVisu File System Endpoint

CVE-2024-42468 MEDIUM

CometVisuServlet <4.2.1 - Path Traversal

CVE-2024-41936 HIGH

Vonets Industrial WiFi Bridge Firmware < 3.3.23.6.9 - Unauthenticated Path Traversal and Authentication Bypass

CVE-2024-21877 MEDIUM

Enphase IQ Gateway Firmware 4.0-8.0 and < 8.2.4225 - Authenticated Path Traversal via URL Parameter

CVE-2024-21876 CRITICAL

Enphase IQ Gateway Firmware 4.0-8.2.4225 - Unauthenticated Path Traversal and Arbitrary File Write via URL Parameter

CVE-2024-0113 HIGH

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC - Path Traversal via Web Support CGI URI

CVE-2024-42408 MEDIUM

dorsettcontrols infoscan - Path Traversal via Client Download Page Interception

CVE-2024-6707 HIGH

Web Server <version - Path Traversal

CVE-2024-7061 MEDIUM

Okta Verify for Windows < 5.0.2 - Privilege Escalation via DLL Hijacking

Previous Page 105 of 367 Next

Details

Vulnerabilities 9,152

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy