Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,161 vulnerabilities with CWE-22

CVE-2024-5187 HIGH

ONNX 1.16.0 - Path Traversal and Arbitrary File Overwrite via Tar Extraction

CVE-2024-4881 HIGH

lollms < 5.9.0 - Path Traversal via Backslash Handling in /user_infos Endpoint

CVE-2024-4320 CRITICAL

lollms_web_ui - Remote Code Execution via Extension Install Name Parameter

CVE-2024-3429 CRITICAL

lollms < 9.6 - Path Traversal via Insufficient Input Sanitization

CVE-2024-3322 CRITICAL

Parisneo/lollms-webui <9.5 - Path Traversal

CVE-2024-3234 CRITICAL

gaizhenbiao/chuanhuchatgpt < 20240305 - Path Traversal via Outdated Gradio Component

CVE-2024-2928 HIGH

MLflow < 2.11.3 - Path Traversal

CVE-2024-2624 CRITICAL

parisneo/lollms-webui - Path Traversal

CVE-2024-2548 HIGH

lollms_web_ui < 9.5 - Path Traversal via User Infos Endpoint

CVE-2024-2362 CRITICAL

lollms_web_ui 9.3 - Path Traversal and Arbitrary File Deletion via del_preset Endpoint

CVE-2024-2360 CRITICAL

lollms_web_ui - Path Traversal and Remote Code Execution via Database and PDF LaTeX Path Settings

CVE-2024-23793 MEDIUM

OTRS <7.0.49, 8.0.X, 2023.X, <2024.3.2 - Path Traversal

CVE-2024-1873 CRITICAL

lollms_web_ui a9d16b0 - Path Traversal and Denial of Service via /select_database Endpoint

CVE-2024-0520 HIGH

mlflow/mlflow <8.2.1 - Command Injection

CVE-2024-5505 HIGH

NETGEAR ProSAFE NMS < 1.7.0.37 - Authenticated RCE via Path Traversal

CVE-2024-4941 HIGH

gradio-app/gradio <4.25 - Local File Inclusion

CVE-2024-2914 HIGH

deepjavalibrary/djl <0.27.0 - Path Traversal

CVE-2024-34832 CRITICAL

CubeCart < 6.5.5 - Path Traversal and Arbitrary Code Execution via _g and node Parameters

CVE-2024-28995 HIGH KEV

SolarWinds Serv-U - Directory Traversal

CVE-2024-5153 CRITICAL

Startklar Elementor Addons <1.7.15 - Path Traversal

CVE-2024-5179 HIGH

Cowidgets - Elementor Addons <1.1.1 - Code Injection

CVE-2024-35634 MEDIUM

Wow-Company Woocommerce - Recent Purchases < 1.0.1 - PHP Local File Inclusion via Path Traversal

CVE-2024-34554 HIGH

Select-Themes Stockholm Core <2.4.1 - Path Traversal

CVE-2024-34552 HIGH

Select-Themes Stockholm <9.6 - Path Traversal

CVE-2024-34551 CRITICAL

Select-Themes Stockholm <9.6 - Path Traversal

Previous Page 113 of 367 Next

Details

Vulnerabilities 9,161

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy