Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,205 vulnerabilities with CWE-22

CVE-2023-21415 MEDIUM

AXIS OS - Authenticated Path Traversal and Arbitrary File Deletion via VAPIX API overlay_del.cgi

CVE-2023-5588 LOW

kphrx pleroma - Path Traversal in Pleroma.Emoji.Pack

CVE-2023-38312 HIGH

Valve Counter-Strike 8684 - Path Traversal

CVE-2023-45855 HIGH

qdPM 9.2 - Path Traversal via /uploads URI

CVE-2023-32974 HIGH

QNAP QTS 5.1.0-5.1.0.2443, QuTS hero h5.1.0-h5.1.0.2423, QuTScloud c5.0.0.1919-c5.1.0.2497 - Path Traversal

CVE-2023-41682 HIGH

FortiSandbox 2.4-4.4.0 - Path Traversal and Denial of Service via Crafted HTTP Requests

CVE-2023-4990 HIGH

Espeak-ng Espeak NG < 1.52.0 - Path Traversal

CVE-2023-41373 CRITICAL

BIG-IP Configuration Utility - Path Traversal

CVE-2023-42796 HIGH

CP-8031 and CP-8050 Firmware < 05.11 - Authenticated Path Traversal via /sicweb-ajax/tmproot/ Endpoint

CVE-2023-45352 HIGH

Atos Unify OpenScape Common Management Portal V10 < R4.17.0/R5.1.0 - Path Traversal & Arbitrary File Write

CVE-2023-36123 HIGH

Hex-Dragon Plain Craft Launcher 2 <Alpha 1.3.9 - Path Traversal

CVE-2023-23366 HIGH

Music Station 5.3.0-5.3.21 - Authenticated Path Traversal

CVE-2023-23365 HIGH

QNAP Music Station 5.3.0-5.3.21 - Authenticated Path Traversal

CVE-2023-43070 MEDIUM

Dell SmartFabric Storage Software <1.4 - Path Traversal

CVE-2023-5399 CRITICAL

Schneider Electric SpaceLogic C-Bus Toolkit < 1.16.4 - Path Traversal via File Command

CVE-2023-3701 CRITICAL

Aqua Drive 2.4 - Authenticated Path Traversal

CVE-2023-3512 HIGH

Setelsa Security's ConacWin CB <3.8.2.2 - Path Traversal

CVE-2023-26152 HIGH

static-server < 3.0.0 - Path Traversal via validPath Function

CVE-2023-43627 MEDIUM

FurunoSystems ACERA 1310 and 1320 Firmware < 01.26 - Authenticated Path Traversal

CVE-2023-5327 LOW

SATO CL4NX-J Plus 1.13.2-u455_r2 - Path Traversal via /rest/dir/ full Parameter

CVE-2023-5257 LOW

WhiteHSBG JNDIExploit 1.4 - Path Traversal in HTTPServer handleFileRequest

CVE-2023-43662 HIGH

ShokoServer < 4.2.2 - Unauthenticated Arbitrary File Read via Image API Endpoint

CVE-2023-43044 MEDIUM

IBM License Metric Tool 9.2 - Path Traversal

CVE-2023-40026 MEDIUM

Argo CD < 2.3.0 - Unauthenticated Path Traversal and Information Disclosure via Helm Chart Path Prediction

CVE-2023-44172 CRITICAL

SeaCMS V12.9 - Arbitrary File Write via admin_weixin.php

Previous Page 141 of 369 Next

Details

Vulnerabilities 9,205

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy