Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,097 vulnerabilities with CWE-22

CVE-2026-36760 CRITICAL

JeeSite 5.15.1 - Authenticated Path Traversal and Arbitrary File Write via /a/file/upload fileMd5 Parameter

CVE-2026-22070 HIGH

ColorOS Assistant Path Traversal Vulnerability

CVE-2026-7445 MEDIUM

ZachHandley ZMCPTools MCP Log Resource ResourceManager.ts path traversal

CVE-2026-7404 HIGH

getsimpletool mcpo-simple-server base_manager.py delete_shared_prompt path traversal

CVE-2026-7403 MEDIUM

geldata gel-mcp server.py fetch_rule path traversal

CVE-2026-7400 HIGH

geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal

CVE-2026-7398 HIGH

florensiawidjaja BioinfoMCP Upload Endpoint app.py upload path traversal

CVE-2026-30893 CRITICAL

Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer

CVE-2026-7396 MEDIUM

NousResearch hermes-agent WeChat Work Platform Adapter wecom.py path traversal

CVE-2026-7386 HIGH

fatbobman mail-mcp-bridge mail_mcp_server.py path traversal

CVE-2026-5166 CRITICAL

Path Traversal in TUBITAK BILGEM's Pardus Software Center

CVE-2026-38993 MEDIUM

Cockpit < 2.14.0 - Authenticated Path Traversal and Arbitrary File Write via Buckets Component

CVE-2026-7384 HIGH

ezequiroga mcp-bases research_server.py search_papers path traversal

CVE-2026-42520 HIGH

Jenkins Project Jenkins Credentials Binding Plugin < 719.v80e905ef14eb_ - Remote Code Execution

CVE-2026-42249 CRITICAL

Remote Code Execution in Ollama via Update Mechanism

CVE-2026-7319 HIGH

elinsky execution-system-mcp add_action Tool server.py _get_context_file_path path traversal

CVE-2026-7318 MEDIUM

elie mcp-project research_server.py search_papers path traversal

CVE-2026-7315 HIGH

eiceblue spire-pdf-mcp-server PDF File server.py get_pdf_path path traversal

CVE-2026-7314 HIGH

eiceblue spire-doc-mcp-server base.py get_doc_path path traversal

CVE-2026-41911 MEDIUM

OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image

CVE-2026-41383 HIGH

OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths

CVE-2026-7272 HIGH

WilliamCloudQi matlab-mcp-server MCP index.ts execute_matlab_code path traversal

CVE-2026-7271 MEDIUM

DV0x creative-ad-agent creative-ad-agent-server sdk-server.ts path traversal

CVE-2026-7237 HIGH

AgiFlow scaffold-mcp write-to-file Tool index.ts path traversal

CVE-2026-7235 MEDIUM

ErlichLiu claude-agent-sdk-master route.ts path traversal

Previous Page 14 of 364 Next

Details

Vulnerabilities 9,097

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy