Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,161 vulnerabilities with CWE-22

CVE-2024-25386 HIGH

DICOM Connectivity Framework <2.7.6b - Path Traversal

CVE-2024-2045 MEDIUM

Session 1.17.5 - Local File Read via Chat Attachment

CVE-2024-25830 CRITICAL

F-logic DataCube3 v1.0 - Unauthenticated Path Traversal via Configuration File URI

CVE-2024-25065 CRITICAL

Apache OFBiz <18.12.12 - Path Traversal

CVE-2024-25006 HIGH

XenForo < 2.2.14 - Authenticated Path Traversal and Arbitrary File Write via Styles Import ZIP Archive

CVE-2024-23946 MEDIUM

Apache OFBiz < 18.12.12 - Path Traversal and Arbitrary File Inclusion

CVE-2024-25859 HIGH

Blesta < 5.9.2 - Path Traversal and Arbitrary Code Execution via Uploads Directory

CVE-2024-22723 MEDIUM

webtrees 2.1.18 - Authenticated Path Traversal via Media Folder Parameter

CVE-2024-0763 HIGH

AnythingLLM < 1.0.0 - Authenticated Path Traversal and Arbitrary Folder Deletion

CVE-2024-25711 HIGH

diffoscope < 256 - Directory Traversal via GPG Embedded Filename

CVE-2024-27081 HIGH

ESPHome <2024.2.1 - Authenticated RCE

CVE-2024-1886 LOW

LG webOS Signage - Path Traversal

CVE-2024-1165 MEDIUM

Brizy - Page Builder <2.4.39 - Path Traversal

CVE-2024-27318 HIGH

ONNX < 1.16.0 - Path Traversal via External Data Field

CVE-2024-26150 HIGH

Backstage backend-common < 0.19.10, 0.20.0-0.20.1 - Path Traversal via resolveSafeChildPath

CVE-2024-25461 HIGH

Terrasoft CRM <7.18.4.1532 - Info Disclosure

CVE-2024-1704 MEDIUM

ZhongBangKeJi CRMEB 5.2.2 - Path Traversal via /adminapi/system/crud

CVE-2024-1703 LOW

CRMEB 5.2.2 - Path Traversal via /adminapi/system/file/openfile

CVE-2024-1708 HIGH KEV

ConnectWise ScreenConnect Unauthenticated Remote Code Execution

CVE-2024-21891 HIGH

Node.js 20.0.0-20.11.1 - Path Traversal via Permission Model Bypass

CVE-2024-26129 MEDIUM

PrestaShop 8.1.0-8.1.4 - Path Disclosure in JavaScript Variable

CVE-2024-25123 HIGH

Mission Support System 5.0.0-8.3.2 - Path Traversal via Filename Parameter

CVE-2024-23479 CRITICAL

SolarWinds Access Rights Manager < 2023.2.3 - Unauthenticated Directory Traversal and Remote Code Execution

CVE-2024-23477 HIGH

SolarWinds Access Rights Manager < 2023.2.3 - Unauthenticated Directory Traversal and Remote Code Execution

CVE-2024-23476 CRITICAL

SolarWinds Access Rights Manager < 2023.2.3 - Unauthenticated Directory Traversal and Remote Code Execution

Previous Page 122 of 367 Next

Details

Vulnerabilities 9,161

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy