Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,205 vulnerabilities with CWE-22

CVE-2023-37532 MEDIUM

HCL Commerce 9.1.8-9.1.13.2 - Path Traversal via Crafted URL

CVE-2023-46122 LOW

sbt < 1.9.7 - Path Traversal and Arbitrary File Write via IO.unzip

CVE-2023-44256 MEDIUM

FortiAnalyzer/FortiManager SSRF via Crafted HTTP Request

CVE-2023-5414 CRITICAL

Icegram Express <= 5.6.23 - Authenticated Path Traversal via show_es_logs Function

CVE-2023-4274 HIGH

Migration, Backup, Staging - WPvivid < 0.9.90 - Authenticated Directory Traversal via Arbitrary Directory Deletion

CVE-2023-45823 HIGH

Artifact Hub < 1.16.0 - Path Traversal via Symbolic Link Processing

CVE-2023-45278 CRITICAL

Yamcs 5.8.6 - Path Traversal via Storage API DELETE Request

CVE-2023-45277 HIGH

Yamcs 5.8.6 - Path Traversal in Storage API

CVE-2023-35187 HIGH

SolarWinds Access Rights Manager < 2023.2.0.73 - Unauthenticated Path Traversal and Remote Code Execution

CVE-2023-35185 MEDIUM

SolarWinds Access Rights Manager < 2023.2.0.73 - Directory Traversal Remote Code Execution

CVE-2023-31046 MEDIUM

PaperCut NG <22.1.1 - Path Traversal

CVE-2023-5241 CRITICAL

WPBot AI ChatBot <=4.8.9,4.9.2 - Authenticated Directory Traversal

CVE-2023-5212 CRITICAL

WPBot AI ChatBot <=4.8.9/4.9.2 - Authenticated Arbitrary File Deletion

CVE-2023-43801 MEDIUM

Arduino Create Agent <1.3.3 - Privilege Escalation

CVE-2023-43803 MEDIUM

Arduino Create Agent <1.3.3 - File Deletion

CVE-2023-43802 HIGH

Arduino Create Agent <1.3.3 - Privilege Escalation

CVE-2023-45383 HIGH

SoNice Etiquetage < 2.5.9 - Unauthenticated Path Traversal

CVE-2023-39332 CRITICAL

Node.js 20.0.0-20.7.9 - Path Traversal via Uint8Array Path Handling

CVE-2023-39331 HIGH

Node.js 20.0.0-20.8.1 - Path Traversal via Experimental Permission Model

CVE-2023-34208 MEDIUM

EasyUse MailHunter Ultimate < 2023 - Authenticated Path Traversal via Crafted ZIP Archive

CVE-2023-43121 HIGH

Chalet EXOS <32.5.1.5-31.7.2 - Path Traversal

CVE-2023-45689 MEDIUM

Titan MFT and SFTP Server < 2.0.18 - Authenticated Path Traversal

CVE-2023-45688 MEDIUM

Titan MFT and SFTP Server < 2.0.18 - Authenticated Path Traversal via FTP SIZE Command

CVE-2023-45686 HIGH

Titan MFT and Titan SFTP < 2.0.18 - Authenticated Path Traversal via WebDAV

CVE-2023-45685 CRITICAL

South River Technologies Titan MFT and SFTP Servers < 2.0.18 - Authenticated Path Traversal via Zip Archive Extraction

Previous Page 140 of 369 Next

Details

Vulnerabilities 9,205

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy