Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,161 vulnerabilities with CWE-22

CVE-2024-34384 MEDIUM

SinaExtension for Elementor <3.5.1 - Path Traversal

CVE-2024-33628 HIGH

XforWooCommerce <2.0.2 - Path Traversal

CVE-2024-33568 HIGH

BdThemes Element Pack Pro < 7.19.3 - Path Traversal and Object Injection

CVE-2024-33560 CRITICAL

8theme XStore <9.3.8 - Path Traversal

CVE-2024-33557 HIGH

8theme XStore Core <= 5.3.8 - PHP Local File Inclusion via Path Traversal

CVE-2024-33541 MEDIUM

Better Elementor Addons <= 1.4.1 - PHP Local File Inclusion via Path Traversal

CVE-2024-36104 CRITICAL

Apache OFBiz <18.12.14 - Path Traversal

CVE-2024-27776 CRITICAL

MileSight DeviceHub - Path Traversal

CVE-2024-37032 HIGH

ollama < 0.1.34 - Path Traversal via Model Path Digest Validation Bypass

CVE-2024-35429 MEDIUM

ZKTeco ZKBio CVSecurity 6.1.1 - Path Traversal via eventRecord

CVE-2024-35428 HIGH

ZKTeco ZKBio CVSecurity 6.1.1 - Authenticated Path Traversal and Denial of Service via BaseMediaFile

CVE-2024-36267 HIGH

Redmine DMSF Plugin <3.1.4 - Path Traversal

CVE-2024-36427 HIGH

TARGIT Decision Suite <24.06.19002 - Authenticated Code Execution

CVE-2024-36362 MEDIUM

JetBrains TeamCity <2022.04.7-2024.03.2 - Path Traversal

CVE-2024-5433 MEDIUM

Campbell Scientific CSI Web Server - Path Traversal

CVE-2024-34854 CRITICAL

F-logic DataCube3 v1.0 - Path Traversal via File Upload in transceiver_schedule.php

CVE-2024-35324 CRITICAL

Douchat 4.0.5 - Arbitrary File Upload via Webuploader Preview Endpoint

CVE-2024-32944 LOW

UTAU < 0.4.19 - Path Traversal via Crafted Voicebank Installer

CVE-2024-28880 MEDIUM

MosP kintai kanri <4.6.6 - Info Disclosure

CVE-2024-35219 HIGH

OpenAPI Generator Online < 7.6.0 - Path Traversal and Arbitrary File Read/Delete via Output Folder Option

CVE-2024-5353 MEDIUM

Anji-plus AJ-Report <1.4.1 - Path Traversal

CVE-2024-36079 MEDIUM

Vaultize 21.07.27 - Authenticated Path Traversal via Filename Parameter

CVE-2024-5273 MEDIUM

Jenkins Report Info Plugin < 1.2 - Path Traversal via Workspace Directory

CVE-2024-35081 HIGH

LuckyFrameWeb 3.5.2 - Arbitrary File Deletion via fileName Parameter

CVE-2024-34060 HIGH

IRIS EVTX Module <1.0.0 - Remote Code Execution via EVTX Filename Handling

Previous Page 114 of 367 Next

Details

Vulnerabilities 9,161

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy