Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,161 vulnerabilities with CWE-22

CVE-2024-32163 MEDIUM

CMSeasy 7.7.7.9 - Remote Code Execution

CVE-2024-28073 HIGH

SolarWinds Serv-U < 15.4.2 - Authenticated Directory Traversal Remote Code Execution

CVE-2024-1132 HIGH

Keycloak >=21.1.0 <22.0.10 - Open Redirect via Wildcard Valid Redirect URIs

CVE-2024-32024 MEDIUM

kohya_ss 22.6.1-23.1.5 - Path Traversal in add_pre_postfix Function

CVE-2024-32023 MEDIUM

kohya_ss 22.6.1-23.1.5 - Path Traversal via find_and_replace Function

CVE-2024-31451 MEDIUM

DocsGPT < 0.8.1 - Unauthenticated Limited File Write in routes.py

CVE-2024-3573 CRITICAL

MLflow < 2.10.0 - Local File Inclusion via URI Scheme Parsing Bypass

CVE-2024-3571 HIGH

langchain-ai/langchain - Path Traversal

CVE-2024-1961 HIGH

vertaai/modeldb < latest - Path Traversal and Remote Code Execution via Artifact Path Parameter

CVE-2024-1594 HIGH

MLflow - Path Traversal via Artifact Location URI Fragment

CVE-2024-1593 HIGH

MLflow - Path Traversal via Semicolon Parameter Smuggling

CVE-2024-1560 HIGH

lfprojects mlflow < 2.9.2 - Path Traversal via Double Decoding in Artifact Deletion

CVE-2024-1558 HIGH

MLflow < 2.12.1 - Path Traversal via Source Parameter in _create_model_version()

CVE-2024-1483 HIGH

mlflow < 2.12.1 - Path Traversal via Artifact Location and Source Parameters

CVE-2024-3783 HIGH

WBSAirback 21.02.04 - Path Traversal

CVE-2024-3737 MEDIUM

nginxwebui < 4.2.4 - Path Traversal via dir Argument in findCountByQuery

CVE-2024-31462 MEDIUM

Stable-diffusion-webui <1.7.0 - Path Traversal

CVE-2024-32005 HIGH

NiceGUI <1.4.21 - Local File Inclusion

CVE-2024-3686 MEDIUM

DedeCMS 5.7.112-UTF8 - Path Traversal via update_guide.php files Parameter

CVE-2024-31818 CRITICAL

derbynet 9.0 - Remote Code Execution via Kiosk Page Parameter Path Traversal

CVE-2024-29502 MEDIUM

Secure Lockdown Multi Application Edition <v2.00.219 - Info Disclosure

CVE-2024-2221 CRITICAL

qdrant - Path Traversal and Arbitrary File Write via Snapshot Upload Endpoint

CVE-2024-1728 HIGH

gradio 4.18.0-4.19.2 - Path Traversal and Arbitrary File Read via UploadButton Queue Join Endpoint

CVE-2024-1511 CRITICAL

lollms_web_ui - Unauthenticated Path Traversal and Arbitrary File Write via Inadequate File Path Validation

CVE-2024-31287 MEDIUM

Media Library Folders < 8.1.8 - Path Traversal

Previous Page 118 of 367 Next

Details

Vulnerabilities 9,161

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy