Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,168 vulnerabilities with CWE-22

CVE-2023-42791 HIGH

Fortinet FortiManager Path Traversal via Crafted HTTP Requests

CVE-2023-49508 MEDIUM

YetiForceCRM < 6.5.0 - Authenticated Path Traversal via LibraryLicense.php License Parameter

CVE-2023-5123 HIGH

Grafana JSON Datasource < - Path Traversal

CVE-2023-35003 MEDIUM

Intel(R) VROC <8.0.8.1001 - Privilege Escalation

CVE-2023-6294 HIGH

Popup Builder < 4.2.6 - Authenticated Server-Side Request Forgery via Unvalidated Parameter

CVE-2023-40264 MEDIUM

Unify OpenScape Voice Trace Manager V8 < R0.9.11 - Authenticated Path Traversal

CVE-2023-40266 CRITICAL

Unify OpenScape Xpressions WebAssistant 7.0-7r1_fr5_hf42_p911 - Path Traversal

CVE-2023-6989 CRITICAL

Shield Security < 18.5.10 - Unauthenticated Local File Inclusion via render_action_template Parameter

CVE-2023-7216 MEDIUM

GNU cpio - Path Traversal via Symlink Handling

CVE-2023-52138 HIGH

Engrampa < 1.26.2 - Path Traversal and Remote Code Execution via CPIO Archive Symlink Handling

CVE-2023-7077 CRITICAL

Sharp NEC Displays - Remote Code Execution via HTTP Request Parameter Injection

CVE-2023-45027 MEDIUM

QNAP QTS, QuTS hero, and QuTScloud - Authenticated Path Traversal and Sensitive Data Exposure

CVE-2023-45026 MEDIUM

QNAP QTS, QuTS hero, and QuTScloud - Authenticated Path Traversal and Sensitive Data Exposure

CVE-2023-39611 HIGH

Software FX Chart FX 7.0.4962.20829 - Path Traversal and Arbitrary File Read

CVE-2023-38019 HIGH

IBM SOAR QRadar Plugin App 1.0-5.0.3 - Path Traversal via URL Request

CVE-2023-5390 MEDIUM

Honeywell ControlEdge Unit Operations Controller Firmware - Path Traversal

CVE-2023-30970 MEDIUM

Gotham Table service & Forward App - Path Traversal

CVE-2023-41474 MEDIUM

Ivanti Avalanche <6.3.4.153 - Path Traversal

CVE-2023-52076 HIGH

Atril Document Viewer <1.26.2 - Path Traversal

CVE-2023-50785 LOW

ManageEngine ADAudit Plus < 7270 - Authenticated Path Traversal

CVE-2023-44395 MEDIUM

Autolab < 2.12.0 - Path Traversal in Assessment Functionality

CVE-2023-35020 MEDIUM

IBM Sterling Control Center 6.3.0 - Path Traversal via URL Request

CVE-2023-5097 HIGH

HYPR Workforce Access <8.7 - Path Traversal

CVE-2023-2252 LOW

Directorist < 7.5.4 - Local File Inclusion via CSV Import File Parameter

CVE-2023-6623 CRITICAL

Essential Blocks <4.4.3 - Code Injection

Previous Page 131 of 367 Next

Details

Vulnerabilities 9,168

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy