Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,161 vulnerabilities with CWE-22

CVE-2024-26261 CRITICAL

HGiga OAKlouds < 2.0.188/3.0 < 3.0.188 & WebBase < 2.0.1051/3.0 < 3.0.1051 - Unauthenticated Arbitrary File Read/Delete

CVE-2024-25620 MEDIUM

Helm < 3.14.1 - Path Traversal via Chart.yaml Name Field

CVE-2024-23607 MEDIUM

F5OS-A 1.3.0-1.3.9 and F5OS-C 1.3.0-1.5.9 - Authenticated Path Traversal via QKView Utility

CVE-2024-23787 MEDIUM

Sharp JH-RVB1/JH-RV11 Firmware < B0.1.9.1 - Unauthenticated Path Traversal

CVE-2024-25125 MEDIUM

Treasure Data's digdag <0.10.5.1 - Path Traversal

CVE-2024-1485 HIGH

devfile/registry-support < 0.0.0-20240206 - Unauthenticated Path Traversal via Malicious Archive Decompression

CVE-2024-1082 MEDIUM

GitHub Enterprise Server < 3.8.15 - Path Traversal via GitHub Pages Symbolic Link Deployment

CVE-2024-1163 HIGH

mapshaper < 0.6.44 - Path Traversal

CVE-2024-23833 HIGH

OpenRefine < 3.7.8 - Path Traversal via JDBC Query

CVE-2024-22226 LOW

Dell Unity Operating Environment < 5.4.0.0.5.094 - Authenticated Path Traversal via svc_supportassist Utility

CVE-2024-1433 LOW

KDE Plasma Workspace < 5.93.0 - Path Traversal in Theme File Handler

CVE-2024-24311 HIGH

Linea Grafica Multilingual and Multistore Sitemap Pro < 1.6.6 - Unauthenticated Path Traversal

CVE-2024-0849 MEDIUM

Leanote 2.7.0 - Path Traversal

CVE-2024-22514 HIGH

iSpyConnect.com Agent DVR <5.1.6.0 - Code Injection

CVE-2024-24591 HIGH

Allegro AI's ClearML <1.14.1 - Path Traversal

CVE-2024-24942 MEDIUM

JetBrains TeamCity <2023.11.3 - Path Traversal

CVE-2024-24940 LOW

JetBrains IntelliJ IDEA <2023.3.3 - Path Traversal

CVE-2024-24938 MEDIUM

JetBrains TeamCity <2023.11.2 - Path Traversal

CVE-2024-23673 HIGH

Apache Sling Servlets Resolver < 2.11.0 - Path Traversal and Remote Code Execution

CVE-2024-24398 CRITICAL

Stimulsoft Dashboard.JS < 2024.1.2 - Path Traversal via Save Function FileName Parameter

CVE-2024-0964 CRITICAL

Gradio < 4.9.0 - Path Traversal via API Request JSON Value

CVE-2024-0380 MEDIUM

WP Recipe Maker <= 9.1.0 - Authenticated Path Traversal and Cross-Site Scripting via Icon Shortcode Attribute

CVE-2024-0221 CRITICAL

Photo Gallery by 10Web < 1.8.19 - Authenticated Path Traversal via rename_item Function

CVE-2024-0844 MEDIUM

Popup More Popups, Lightboxes - Local File Inclusion

CVE-2024-22851 HIGH

liveconfig < 2.5.2 - Path Traversal via /static/ Endpoint

Previous Page 123 of 367 Next

Details

Vulnerabilities 9,161

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy