Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,097 vulnerabilities with CWE-22

CVE-2026-7784 HIGH

RTGS2017 NagaAgent Skills Endpoint extensions.py path traversal

CVE-2026-6321 HIGH

fast-uri vulnerable to path traversal via percent-encoded dot segments

CVE-2026-42080 MEDIUM

PPTAgent: Arbitrary File Write via `save_generated_slides`

CVE-2026-42078 MEDIUM

PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image

CVE-2026-42075 HIGH

Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write

CVE-2026-7738 MEDIUM

puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal

CVE-2026-7728 MEDIUM

ryanjoachim mcp-rtfm MCP update_doc path traversal

CVE-2026-7715 MEDIUM

ravenwits mcp-server-arangodb MCP tools.ts arango_backup path traversal

CVE-2026-7704 MEDIUM

AV Stumpfl Pixera Two Media Server Service Port 1338 path traversal

CVE-2026-7680 MEDIUM

jsbroks COCO Annotator Data Endpoint datasets.py path traversal

CVE-2026-7676 MEDIUM

kerwincui FastBee Tool Download Endpoint ToolController.java ToolController.download path traversal

CVE-2026-7645 MEDIUM

ruvnet sublinear-time-solver MCP server.js export_state path traversal

CVE-2026-6320 HIGH

Salon Booking System – Free Version <= 10.30.25 - Unauthenticated Arbitrary File Read via Booking File Field Path Traversal

CVE-2026-7627 MEDIUM

8nite metatrader-4-mcp sync_ea_from_file index.ts CallToolRequestSchema path traversal

CVE-2026-7599 MEDIUM

Dayoooun hwpx-mcp MCP index.ts export_to_html path traversal

CVE-2026-7594 HIGH

Flux159 mcp-game-asset-gen MCP index.ts image_to_3d_async path traversal

CVE-2026-7589 MEDIUM

ghantakiran splunk-mcp-integration CSV Export csv_export.py create_csv_export path traversal

CVE-2026-7588 MEDIUM

ggerve coding-standards-mcp server.py get_best_practices path traversal

CVE-2026-37531 CRITICAL

AGL app-framework-main <=17.1.12 - Path Traversal

CVE-2026-7519 HIGH

Fujian Apex LiveBOS Endpoint UploadImage.do path traversal

CVE-2026-5656 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark

CVE-2026-3345 MEDIUM

IBM Langflow Desktop API v2 File Upload - Path Traversal

CVE-2026-4502 MEDIUM

IBM Langflow Desktop - Path Traversal Arbitrary File Write

CVE-2026-36762 HIGH

JeeSite 5.15.1 - Authenticated Path Traversal and Arbitrary File Write via fileEntityId Parameter

CVE-2026-36767 CRITICAL

shopizer < 2.16.0 - Path Traversal and Arbitrary File Write via /content/images/add Endpoint

Previous Page 13 of 364 Next

Details

Vulnerabilities 9,097

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy