Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,152 vulnerabilities with CWE-22

CVE-2024-23468 HIGH

SolarWinds Access Rights Manager < 2023.2.4 - Unauthenticated Path Traversal and Information Disclosure

CVE-2024-23467 CRITICAL

SolarWinds Access Rights Manager < 2023.2.4 - Unauthenticated Directory Traversal and Remote Code Execution

CVE-2024-23466 CRITICAL

SolarWinds Access Rights Manager < 2023.2.4 - Unauthenticated Directory Traversal and Remote Code Execution

CVE-2024-40617 MEDIUM

FUJITSU Network Edgiot GW1500 - Path Traversal

CVE-2024-39036 MEDIUM

SeaCMS 12.9 - Arbitrary File Read via admin_safe.php

CVE-2024-5852 MEDIUM

WordPress File Upload <= 4.24.7 - Authenticated Path Traversal via uploadpath Parameter

CVE-2024-40524 CRITICAL

xmind2testcase 1.5 - Path Traversal and Remote Code Execution via webtool\application.py

CVE-2024-39918 MEDIUM

url-to-png < 2.1.2 - Path Traversal via ImageId Parameter

CVE-2024-39826 MEDIUM

Zoom Meeting SDK < 6.0.0 - Authenticated Information Disclosure via Team Chat Race Condition

CVE-2024-6746 MEDIUM

NaiboWang EasySpider 0.6.2 - Path Traversal

CVE-2024-39741 MEDIUM

IBM Datacap Navigator 9.1.5-9.1.9 - Path Traversal via URL Request

CVE-2024-31947 MEDIUM

StoneFly Storage Concentrator <8.0.4.26 - Path Traversal

CVE-2024-40550 HIGH

PublicCMS 4.0.202302.e - Template Metadata File Upload Code Execution

CVE-2024-38717 HIGH

Booking Ultra Pro <1.1.13 - Path Traversal

CVE-2024-38716 MEDIUM

Blue Plugins Events Calendar - Path Traversal

CVE-2024-39903 HIGH

Solara < 1.35.1 - Local File Inclusion via URI Fragment Path Traversal

CVE-2024-38715 MEDIUM

ExS Widgets <0.3.1 - Path Traversal

CVE-2024-38709 MEDIUM

GD Rating System <3.6 - Path Traversal

CVE-2024-38704 MEDIUM

WordPress Team Manager <2.1.12 - Path Traversal

CVE-2024-37932 HIGH

Woocommerce OpenPos <6.4.4 - Path Traversal

CVE-2024-37928 HIGH

NooTheme Jobmonster <4.7.0 - Path Traversal

CVE-2024-2602 HIGH

Schneider Electric FoxRTU Station <= 9.3.0 - Path Traversal

CVE-2024-39330 MEDIUM

Django 4.2-4.2.13 and 5.0-5.0.6 - Path Traversal via Custom Storage Class generate_filename() Override

CVE-2024-22377 MEDIUM

PingFederate 10.3.0-10.3.12 - Unauthenticated Path Traversal in Deploy Directory

CVE-2024-39171 CRITICAL

phpvibe 11.0.3-11.0.46 - Path Traversal and Remote Code Execution via .htaccess and PNG File Upload

Previous Page 108 of 367 Next

Details

Vulnerabilities 9,152

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy