Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,158 vulnerabilities with CWE-22

CVE-2024-5821 MEDIUM

stitionai/devika - Path Traversal via Misspelled File Name Correction

CVE-2024-5866 MEDIUM

Delinea Privileged Access Service < 22.3 - Path Traversal

CVE-2024-5865 HIGH

Delinea Privileged Access Service < 22.3 - Path Traversal and Arbitrary File Read

CVE-2024-5349 HIGH

LA-Studio Element Kit for Elementor <1.3.8.1 - Code Injection

CVE-2024-36991 HIGH

Splunk 9.0.0-9.0.9 - Path Traversal via /modules/messaging/ Endpoint

CVE-2024-24749 HIGH

GeoServer <2.23.5-2.24.3 - Info Disclosure

CVE-2024-36059 CRITICAL

Kalkitech ASE <2.3.5 - Path Traversal

CVE-2024-6127 CRITICAL

PowerShellEmpire Arbitrary File Upload (Skywalker)

CVE-2024-6090 HIGH

gaizhenbiao/chuanhuchatgpt 20240410 - Path Traversal and Denial of Service via Chat History Deletion

CVE-2024-6085 HIGH

lollms v9.6 - Unauthenticated Path Traversal and Arbitrary File Write via XTTS Server Root Folder Manipulation

CVE-2024-5980 CRITICAL

lightning-ai/pytorch-lightning 2.2.4-2.3.2 - Path Traversal and Arbitrary File Write via Tar.gz Plugin Extraction

CVE-2024-5824 HIGH

parisneo/lollms < 9.5.0 - Path Traversal and Remote Code Execution via /set_personality_config Endpoint

CVE-2024-5548 HIGH

stitionai devika - Path Traversal via /api/download-project project_name Parameter

CVE-2024-22232 HIGH

Salt File Server < unknown - Path Traversal

CVE-2024-22231 MEDIUM

Salt < 3005.5 - Directory Traversal via Syndic Cache Directory Creation

CVE-2024-5019 MEDIUM

WhatsUp Gold < 23.1.3 - Unauthenticated Arbitrary File Read via SessionController.CachedCSS

CVE-2024-5018 MEDIUM

WhatsUp Gold < 23.1.3 - Unauthenticated Path Traversal via SessionController.LoadNMScript

CVE-2024-5017 MEDIUM

WhatsUp Gold < 23.1.3 - Unauthenticated Path Traversal via AppProfileImport

CVE-2024-4885 CRITICAL KEV

Progress WhatsUp Gold < 23.1.3 - Unauthenticated Remote Code Execution via ExportUtilities.Export.GetFileWithoutZip

CVE-2024-4498 HIGH

parisneo/lollms-webui <latest - Path Traversal

CVE-2024-32111 MEDIUM

WordPress <6.5.4-6.0.8 - Path Traversal

CVE-2024-34313 CRITICAL

VPL Jail System <4.0.2 - Path Traversal

CVE-2024-33881 MEDIUM

VirtoSoftware Virto Bulk File Download 5.5.44 - NTLMv2 Hash Leak via UNC Path Traversal

CVE-2024-33879 CRITICAL

VirtoSoftware Virto Bulk File Download 5.5.44 - Path Traversal & Arbitrary File Deletion

CVE-2024-37825 MEDIUM

EnvisionWare Computer Access & Reservation Control SelfCheck <1.0 -...

Previous Page 110 of 367 Next

Details

Vulnerabilities 9,158

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy