Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,206 vulnerabilities with CWE-22

CVE-2023-3698 HIGH

ASUSTOR Data Master < 4.0.6.ris1 - Unauthenticated Path Traversal and Arbitrary File Deletion via Printer Service

CVE-2023-3697 HIGH

ASUSTOR Data Master < 4.0.6.ris1 - Unauthenticated Path Traversal and Arbitrary File Write via Printer Service

CVE-2023-34217 HIGH

Moxa TN-4900 Firmware < 1.2.4 and TN-5900 Firmware < 3.3 - Arbitrary File Deletion via Certificate-Delete Function

CVE-2023-34216 HIGH

Moxa TN-4900 Firmware < 1.2.4 and TN-5900 Firmware < 3.3 - Arbitrary File Deletion via Key-Delete Function

CVE-2023-20229 HIGH

Cisco Duo Device Health App - Path Traversal

CVE-2023-40028 MEDIUM

Ghost < 5.59.1 - Authenticated Arbitrary File Read via Symlink Upload

CVE-2023-32004 HIGH

Node.js 20.0.0-20.4.9 - Path Traversal in Experimental Permission Model

CVE-2023-32003 MEDIUM

Node.js 20.0.0-20.4.9 - Path Traversal via fs.mkdtemp()

CVE-2023-21268 MEDIUM

Android - Path Traversal in MmsProvider.java

CVE-2023-40274 HIGH

Zola 0.13.0-0.17.2 - Path Traversal via URL Path Control Characters

CVE-2023-39402 CRITICAL

Huawei EMUI and HarmonyOS - Path Traversal in installd Module

CVE-2023-39401 CRITICAL

Huawei EMUI and HarmonyOS - Path Traversal in installd Module

CVE-2023-39400 CRITICAL

Huawei EMUI and HarmonyOS - Path Traversal in installd Module

CVE-2023-32563 CRITICAL

Ivanti Avalanche < 6.4.1 - Unauthenticated Remote Code Execution via RemoteControl Server

CVE-2023-39964 HIGH

1Panel 1.4.3-<1.5.0 - Arbitrary File Read via Unfiltered Path Parameter

CVE-2023-39957 HIGH

Nextcloud Talk Android < 17.0.0 - Path Traversal via Unprotected Intent

CVE-2023-38997 HIGH

OPNsense <23.7-23.4.2 - Path Traversal

CVE-2023-31450 MEDIUM

PRTG <23.2.84.1566 - Path Traversal

CVE-2023-31449 MEDIUM

PRTG <23.2.84.1566 - Path Traversal

CVE-2023-31448 MEDIUM

PRTG 23.2.84.1566- - Path Traversal

CVE-2023-38176 HIGH

Azure Arc-Enabled Servers - Privilege Escalation

CVE-2023-36534 CRITICAL

Zoom Desktop Client <5.14.7 - Privilege Escalation

CVE-2023-37646 HIGH

Bitberry File Opener v23.0 - Path Traversal via CAB File Extraction

CVE-2023-33756 HIGH

Foswiki < 2.1.7 - Path Traversal in SpreadSheetPlugin

CVE-2023-24698 HIGH

Foswiki 2.0.0-2.1.7 - Path Traversal via Crafted Web Request

Previous Page 145 of 369 Next

Details

Vulnerabilities 9,206

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy