Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,161 vulnerabilities with CWE-22

CVE-2024-23540 MEDIUM

HCL BigFix Inventory - Path Traversal

CVE-2024-20352 MEDIUM

Cisco Emergency Responder - Path Traversal

CVE-2024-20348 HIGH

Cisco Nexus Dashboard Fabric Controller - Info Disclosure

CVE-2024-29434 HIGH

Alldata v0.4.6 - Path Traversal via System Image Upload Interface

CVE-2024-25944 MEDIUM

Dell OpenManage Enterprise < 4.0.1 - Unauthenticated Path Traversal

CVE-2024-30492 MEDIUM

WebToffee Import Export <2.5.2 - Path Traversal

CVE-2024-3078 MEDIUM

qdrant < 1.6.1/1.7.4/1.8.2 - Path Traversal in Full Snapshot REST API

CVE-2024-0980 HIGH

Okta Verify for Windows < 4.10.7 - Arbitrary Code Execution via Auto-Update Service

CVE-2024-28335 CRITICAL

Lektor < 3.3.11 - Remote Code Execution via DB Path Traversal

CVE-2024-2210 MEDIUM

The Plus Addons for Elementor <5.4.1 - Code Injection

CVE-2024-2203 MEDIUM

The Plus Addons for Elementor <5.4.1 - Code Injection

CVE-2024-25136 HIGH

AutomationDirect C-MORE EA9 HMI - Path Traversal

CVE-2024-29196 LOW

phpMyFAQ 3.2.5 - Authenticated Path Traversal via Attachment Upload

CVE-2024-2863 MEDIUM

LG LED Assistant - Thumbnail Path Traversal File Upload

CVE-2024-2227 CRITICAL

JavaServer Faces 2.2.20 - Path Traversal

CVE-2024-28171 HIGH

diaenergie < 1.10.00.005 - Path Traversal and Arbitrary File Write

CVE-2024-25567 HIGH

Deltaww DIAENERGIE <= 1.10.00.005 - Path Traversal

CVE-2024-27921 HIGH

Grav < 1.7.45 - Path Traversal and Arbitrary File Write via File Upload

CVE-2024-29180 HIGH

Webpack-dev-middleware <7.1.0, 6.1.2, 5.3.4 - Info Disclosure

CVE-2024-1142 MEDIUM

Sonatype IQ Server <171 - Path Traversal

CVE-2024-23721 HIGH

Draytek Vigor3910 Firmware < 4.3.2.5 - Path Traversal via process_post

CVE-2024-21677 HIGH

Confluence Data Center and Server 6.13.0-7.19.19 - Unauthenticated Path Traversal

CVE-2024-24043 MEDIUM

Speedy11CZ MCRPX <1.4.0 - Path Traversal

CVE-2024-24042 HIGH

ARRP < 0.8.2 - Remote Code Execution via dumpDirect in RuntimeResourcePackImpl

CVE-2024-27771 HIGH

Unitronics Unistream Unilogic -1.35.227 - Path Traversal

Previous Page 120 of 367 Next

Details

Vulnerabilities 9,161

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy