Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,152 vulnerabilities with CWE-22

CVE-2024-37403 MEDIUM

Ivanti Docs@Work < 2.26.0 - Path Traversal via Improper File Name Sanitization

CVE-2024-7564 MEDIUM

Logsign Unified SecOps Platform - Authenticated Directory Traversal in get_response_json_result Endpoint

CVE-2024-39226 CRITICAL

GL-iNet Multiple Firmware Versions - OS Command Injection via s2s API

CVE-2024-7551 LOW

juzaweb CMS < 3.4.2 - Path Traversal in Theme Editor

CVE-2024-5709 HIGH

WPBakery Page Builder <= 7.7 - Authenticated Local File Inclusion via Layout Name Parameter

CVE-2024-6781 HIGH

calibre <= 7.14.0 - Unauthenticated Path Traversal and Arbitrary File Read

CVE-2024-23657 HIGH

nuxt/devtools < 1.3.9 - Unauthenticated Path Traversal and Remote Code Execution via WebSocket RPC

CVE-2024-7458 MEDIUM

eladmin < 2.7 - Path Traversal via Database/Deployment Upload Endpoint

CVE-2024-41310 HIGH

AndServer < 2.1.12 - Path Traversal

CVE-2024-7323 MEDIUM

Digiwin EasyFlow .NET < 6.6.17 - Path Traversal and Arbitrary File Read

CVE-2024-38878 HIGH

Omnivise T3000 Application Server R9.2/R8.2 SP3/SP4 - Authenticated Path Traversal

CVE-2024-39624 HIGH

ListingPro <= 2.9.4 - Local File Inclusion via Path Traversal

CVE-2024-39621 HIGH

Cridio ListingPro < 2.9.5 and CridioStudio ListingPro <= 2.9.4 - PHP Local File Inclusion via Path Traversal

CVE-2024-39619 CRITICAL

ListingPro <= 2.9.4 - Unauthenticated Local File Inclusion via Path Traversal

CVE-2024-38772 MEDIUM

Crocoblock JetWidgets - Path Traversal

CVE-2024-38768 MEDIUM

The Pack Elementor addons <= 2.0.8.6 - PHP Local File Inclusion and Path Traversal

CVE-2024-38746 HIGH

MakeStories <3.0.3 - Path Traversal

CVE-2024-7340 HIGH

Weave < 0.50.8 - Path Traversal and Arbitrary File Read via Server API

CVE-2024-37129 MEDIUM

Dell Inventory Collector < 12.3.0.6 - Authenticated Path Traversal and Arbitrary Code Execution

CVE-2024-6255 HIGH

gaizhenbiao/chuanhuchatgpt <20240410 - Path Traversal

CVE-2024-41695 HIGH

Cybonet PineApp Mail Relay - Path Traversal

CVE-2024-27887 MEDIUM

macOS Sonoma <14.4 - Info Disclosure

CVE-2024-27871 MEDIUM

macOS Sonoma <14.6 - Info Disclosure

CVE-2024-7248 HIGH

Comodo Internet Security Pro - Local Privilege Escalation via Update Mechanism Path Traversal

CVE-2024-41799 HIGH

tgstation-server 4.0.0-6.7.9 - Path Traversal and Remote Code Execution via .dme File Path Manipulation

Previous Page 106 of 367 Next

Details

Vulnerabilities 9,152

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy