Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,161 vulnerabilities with CWE-22

CVE-2024-27770 HIGH

Unitronics Unistream Unilogic <1.35.227 - Path Traversal

CVE-2024-27768 CRITICAL

Unitronics Unistream Unilogic <1.35.227 - Path Traversal

CVE-2024-2294 MEDIUM

Backuply - Backup, Restore, Migrate and Clone <= 1.2.7 - Directory Traversal via backup_name Parameter

CVE-2024-25156 MEDIUM

GoAnywhere MFT <7.4.2 - Path Traversal

CVE-2024-22398 MEDIUM

SonicWall Email Security Appliance - Path Traversal

CVE-2024-27102 CRITICAL

Pterodactyl Wings < 1.11.9 - Path Traversal

CVE-2024-1358 HIGH

Elementor Addon Elements < 1.12.12 - Authenticated Path Traversal via Render Function

CVE-2024-25154 MEDIUM

FileCatalyst Direct <3.8.8 - Path Traversal

CVE-2024-27317 HIGH

Pulsar Functions Worker - Path Traversal

CVE-2024-21400 CRITICAL

Microsoft Confidential Containers < 0.3.3 - Elevation of Privilege via Path Traversal

CVE-2024-1303 MEDIUM

Badger Meter Monitool < 4.7 - Authenticated Path Traversal via Download-File Functionality

CVE-2024-27279 MEDIUM

a-blog cms <= 2.10.51 - Authenticated Path Traversal

CVE-2024-27121 HIGH

Machine Automation Controller NJ Series/NX Series - Path Traversal

CVE-2024-2318 MEDIUM

ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028 - Path Traversal via Service Port 9999 File Download

CVE-2024-23216 HIGH

macOS < 12.7.4, < 13.6.5, < 14.4 - Arbitrary File Write via Path Handling Issue

CVE-2024-0818 CRITICAL

paddlepaddle < 2.6.0 - Arbitrary File Overwrite via Path Traversal

CVE-2024-28222 CRITICAL

Veritas NetBackup < 8.1.2 and NetBackup Appliance < 3.1.2 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2024-28151 MEDIUM

Jenkins HTML Publisher Plugin <= 1.32 - Path Traversal via Symbolic Link Handling

CVE-2024-27765 HIGH

jeewms < 3.7 - Path Traversal via cgformTemplateController

CVE-2024-27764 CRITICAL

jeewms < 3.7 - Path Traversal via AuthInterceptor Component

CVE-2024-25614 MEDIUM

ArubaOS 8.10.0.0-8.10.0.9 - Arbitrary File Deletion via CLI

CVE-2024-25164 HIGH

idurar 2.0.0 - Unauthenticated Path Traversal via Download Functionality

CVE-2024-27199 HIGH KEV

TeamCity < 2023.11.4 - Authentication Bypass

CVE-2024-28088 HIGH

langchain < 0.1.12 and langchain-core < 0.1.30 - Path Traversal via load_chain Path Parameter

CVE-2024-24307 HIGH

Product Designer < 1.178.36 - Path Traversal via ajaxProcessCropImage()

Previous Page 121 of 367 Next

Details

Vulnerabilities 9,161

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy