Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,161 vulnerabilities with CWE-22

CVE-2024-24482 CRITICAL

apktool < 2.9.3 - Path Traversal via ../ and /.. Sequences

CVE-2024-22779 HIGH

Kihron ServerRPExposer <1.0.2 - RCE

CVE-2024-22096 MEDIUM

Rapid SCADA <5.8.4 - Path Traversal

CVE-2024-24756 HIGH

crafatar < 2.1.5 - Path Traversal via Public Directory Request

CVE-2024-21852 HIGH

Rapid SCADA < 5.8.4 - Remote Code Execution via Zip Slip in Configuration File Unpacking

CVE-2024-24569 MEDIUM

Pixee Java Code Security Toolkit <=1.1.1 - Path Traversal

CVE-2024-23652 CRITICAL

BuildKit < 0.12.5 - Path Traversal via RUN --mount Feature

CVE-2024-24579 MEDIUM

stereoscope <0.0.1 - Path Traversal

CVE-2024-24565 MEDIUM

CrateDB Database - Arbitrary File Read

CVE-2024-22523 HIGH

Qiyu iFair <23.8_ad0 - Path Traversal

CVE-2024-23334 MEDIUM

aiohttp - Directory Traversal

CVE-2024-23827 CRITICAL

nginx-ui - Unauthenticated Arbitrary File Write via Import Certificate Feature

CVE-2024-23822 MEDIUM

Thruk < 3.12 - Path Traversal via File Upload Form

CVE-2024-0989 MEDIUM

Sichuan Yougou Technology KuERP <1.0.4 - Path Traversal

CVE-2024-0697 MEDIUM

Backuply - WordPress <1.2.3 - Path Traversal

CVE-2024-0402 CRITICAL

GitLab 16.0-16.8.1 Path Traversal & Arbitrary File Write via Workspace

CVE-2024-0882 MEDIUM

qwdigital LinkWechat 5.1.0 - Path Traversal

CVE-2024-23904 HIGH

Jenkins Log Command Plugin < 1.0.2 - Unauthenticated Arbitrary File Read via Command Parser

CVE-2024-23899 MEDIUM

Jenkins Git Server Plugin < 99.va_0826a_b_cdfa_d - Arbitrary File Read via Command Parser

CVE-2024-23897 CRITICAL KEV

Jenkins cli Ampersand Replacement Arbitrary File Read

CVE-2024-22204 MEDIUM

Whoogle Search <0.8.3 - Path Traversal

CVE-2024-23182 HIGH

a-blog cms < 2.9.0 - Authenticated Path Traversal and Arbitrary File Deletion

CVE-2024-23340 MEDIUM

hono/node-server 1.3.0-1.4.1 - Path Traversal via serveStatic

CVE-2024-23768 HIGH

Dremio 22.0.0-22.2.2 23.0.0-23.2.3 24.0.0-24.3.0 - Authenticated Path Traversal

CVE-2024-0769 MEDIUM KEV

D-Link DIR-859 1.06B01 - Path Traversal

Previous Page 124 of 367 Next

Details

Vulnerabilities 9,161

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy