Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,158 vulnerabilities with CWE-22

CVE-2024-34129 HIGH

Acrobat Mobile Sign Android <24.4.2.33155 - Path Traversal

CVE-2024-4576 MEDIUM

TIBCO EBX < 5.9.25 - Path Traversal

CVE-2024-37037 HIGH

Sage RTU Firmware < c3414-500-s02k5_p9 - Authenticated Path Traversal via Crafted HTTP Request

CVE-2024-5154 HIGH

cri-o - Path Traversal via Symbolic Link

CVE-2024-4315 CRITICAL

parisneo/lollms < 9.5 - Local File Inclusion via Windows Path Traversal

CVE-2024-37169 MEDIUM

jmondi/url-to-png < 2.0.3 - Arbitrary File Read via Playwright Screenshot Feature

CVE-2024-36418 HIGH

SuiteCRM <7.14.4-8.6.1 - Authenticated RCE

CVE-2024-35754 HIGH

Ovic Importer <= 1.6.3 - Path Traversal

CVE-2024-35745 HIGH

Strategery Migrations < 1.0 - Path Traversal and Arbitrary File Deletion

CVE-2024-35744 HIGH

Upunzipper <= 1.0.0 - Path Traversal and Arbitrary File Deletion

CVE-2024-35743 HIGH

SC filechecker < 0.6 - Path Traversal and Arbitrary File Deletion

CVE-2024-35712 MEDIUM

Jordy Meow Database Cleaner <= 1.0.5 - Path Traversal

CVE-2024-35677 CRITICAL

StylemixThemes MegaMenu <= 2.3.12 - Unauthenticated PHP Local File Inclusion via Path Traversal

CVE-2024-35658 HIGH

ThemeHigh Checkout Field Editor for WooCommerce (Pro) <= 3.6.2 - Path Traversal & File Deletion

CVE-2024-35474 MEDIUM

iceice666 ResourcePack Server <v1.0.8 - Info Disclosure

CVE-2024-34762 CRITICAL

WPENGINE INC Advanced Custom Fields PRO <6.2.10 - Path Traversal

CVE-2024-32703 HIGH

ARForms <= 6.4 - Path Traversal and Arbitrary File Deletion

CVE-2024-32778 HIGH

Contest Gallery <= 21.3.4 - Path Traversal and Arbitrary File Deletion

CVE-2024-5637 HIGH

WordPress Market Exporter <2.0.19 - Info Disclosure

CVE-2024-5481 MEDIUM

Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated Path Traversal via esc_dir Function

CVE-2024-36795 MEDIUM

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 - Info Disclosure

CVE-2024-5550 MEDIUM

h2o 3.40.0.4 - Unauthenticated Path Traversal via Typeahead API

CVE-2024-5187 HIGH

ONNX 1.16.0 - Path Traversal and Arbitrary File Overwrite via Tar Extraction

CVE-2024-4881 HIGH

lollms < 5.9.0 - Path Traversal via Backslash Handling in /user_infos Endpoint

CVE-2024-4320 CRITICAL

lollms_web_ui - Remote Code Execution via Extension Install Name Parameter

Previous Page 112 of 367 Next

Details

Vulnerabilities 9,158

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy