Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,161 vulnerabilities with CWE-22

CVE-2024-1629 MEDIUM

Common Service Desktop - Path Traversal

CVE-2024-34712 MEDIUM

Oceanic.js < 1.10.4 - Path Traversal via Unencoded API Endpoint Input

CVE-2024-27946 MEDIUM

RUGGEDCOM CROSSBOW < V5.5 - Authenticated Arbitrary File Overwrite via File Download

CVE-2024-4790 MEDIUM

DedeCMS 5.7.114 - Path Traversal via sys_verifies.php filename Parameter

CVE-2024-4701 CRITICAL

Genie < 4.3.18 - Path Traversal and Remote Code Execution

CVE-2024-35205 HIGH

WPS Office <17.0.0 - Privilege Escalation

CVE-2024-34245 MEDIUM

dedecms v5.7.114 - Authenticated Arbitrary File Read via makehtml_js_action.php

CVE-2024-27827 MEDIUM

macOS Sonoma <14.5 - Info Disclosure

CVE-2024-27821 MEDIUM

iPadOS < 17.5 - Unprotected User Data Exposure via Path Handling Issue

CVE-2024-27810 MEDIUM

iPadOS < 17.5 - Path Traversal

CVE-2024-24908 MEDIUM

Dell PowerProtect DM5500 <5.15.0.0 - Path Traversal

CVE-2024-32113 CRITICAL KEV

Apache OFBiz <18.12.13 - Path Traversal

CVE-2024-34315 HIGH

CmsEasy <7.7.7.9 - Local File Inclusion

CVE-2024-34523 HIGH

AChecker 1.5 - Unauthenticated Path Traversal via download.php path parameter

CVE-2024-4346 CRITICAL

Startklar Elementor Addons <1.7.13 - Path Traversal

CVE-2024-32807 HIGH

Sendinblue for WooCommerce <4.0.17 - Path Traversal

CVE-2024-34471 MEDIUM

HSC Mailinspector <5.2.17-3 - Path Traversal

CVE-2024-32982 HIGH

Litestar < 2.8.3, < 2.7.2, < 2.6.4 - Path Traversal in Static File Serving

CVE-2024-30851 MEDIUM

Jasmin Ransomware Web Server Unauthenticated SQL Injection

CVE-2024-34033 HIGH

Delta Electronics DIAEnergie - Path Traversal

CVE-2024-3107 MEDIUM

Spectra - WordPress Gutenberg Blocks <2.12.6 - Path Traversal

CVE-2024-31965 MEDIUM

Mitel 6800/6900 SIP Phones Path Traversal Vulnerability

CVE-2024-33274 HIGH

FME Modules customfields <2.2.7 - Path Traversal

CVE-2024-23774 HIGH

Quest KACE Agent for Windows <13.1.23.0 - Code Injection

CVE-2024-23773 HIGH

Quest KACE Agent <13.1.23.0 - Privilege Escalation

Previous Page 116 of 367 Next

Details

Vulnerabilities 9,161

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy