Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,161 vulnerabilities with CWE-22

CVE-2024-31240 HIGH

InfoTheme WP Poll Maker <= 3.1 - Path Traversal

CVE-2024-2654 MEDIUM

WordPress File Manager <7.2.5 - Path Traversal

CVE-2024-1974 HIGH

HT Mega - Absolute Addons For Elementor <2.4.6 - Path Traversal

CVE-2024-1790 MEDIUM

WordPress Infinite Scroll - Ajax Load More <7.0.1 - Path Traversal

CVE-2024-31457 HIGH

gin-vue-admin < 0.0.0-20240409100909-b1b7427c6ea6 - Directory Traversal & Arbitrary Code Execution

CVE-2024-29053 HIGH

Microsoft Defender for IoT < 24.1.3 - Remote Code Execution

CVE-2024-31487 MEDIUM

FortiSandbox 2.4.0-4.2.6, 4.4.0-4.4.4 - Path Traversal via Crafted HTTP Requests

CVE-2024-23671 HIGH

Fortinet FortiSandbox 4.0.0-4.0.4, 4.2.1-4.2.6, 4.4.0-4.4.3 - Path Traversal via Crafted HTTP Requests

CVE-2024-2224 HIGH

Bitdefender Endpoint Security and GravityZone Control Center - Remote Code Execution via UpdateServer Path Traversal

CVE-2024-31978 HIGH

SINEC NMS < V2.0 SP2 - Path Traversal

CVE-2024-31860 MEDIUM

Apache Zeppelin <0.11.0 - Info Disclosure

CVE-2024-30417 HIGH

Huawei EMUI and HarmonyOS - Path Traversal via Bluetooth Sharing Module

CVE-2024-0406 MEDIUM

mholt/archiver 3.0.0-4.0.0 - Path Traversal and Arbitrary File Write via Crafted Tar Archive

CVE-2024-22328 HIGH

IBM Maximo Application Suite <8.11 - Path Traversal

CVE-2024-31851 HIGH

CData Sync < 23.4.8843 - Path Traversal

CVE-2024-31850 HIGH

CData Arc < 23.4.8839 - Path Traversal

CVE-2024-31849 CRITICAL

CData Connect < 23.4.8846 - Path Traversal

CVE-2024-31848 CRITICAL

CData API Server < 23.4.8844 - Path Traversal

CVE-2024-31220 HIGH

lizardbyte/sunshine 0.16.0-0.17.9 - Unauthenticated Path Traversal via node_modules Endpoint

CVE-2024-29672 HIGH

zly2006 Reden <0.2.514 - Path Traversal

CVE-2024-3311 MEDIUM

Dreamer CMS <4.1.3.0 - Path Traversal

CVE-2024-30270 MEDIUM

mailcow < 2024-04 - Authenticated Path Traversal and Arbitrary Code Execution via rspamd_maps()

CVE-2024-30254 MEDIUM

mesonlsp < 4.1.4 - Arbitrary File Write via Crafted Project or --full Mode

CVE-2024-25693 CRITICAL

Esri Portal for ArcGIS <= 11.2 - Authenticated Path Traversal

CVE-2024-27575 HIGH

INOTEC Sicherheitstechnik WebServer CPS220/64 <3.3.19 - Path Traversal

Previous Page 119 of 367 Next

Details

Vulnerabilities 9,161

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy