Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,206 vulnerabilities with CWE-22

CVE-2023-33777 MEDIUM

Prestashop amazon <5.2.24 - Path Traversal

CVE-2023-26045 CRITICAL

NodeBB 2.5.0-2.8.6 - Remote Code Execution via User Export Path Traversal

CVE-2023-34478 CRITICAL

Apache Shiro < 1.12.0 - Path Traversal and Authentication Bypass via Non-Normalized Request Routing

CVE-2023-38633 MEDIUM

librsvg 2.42.3-2.46.6 - Directory Traversal via URL Decoder

CVE-2023-3813 HIGH

Jupiter X Core <2.5.0 - Info Disclosure

CVE-2023-30200 HIGH

Advancedplugins Ultimateimagetool < 2.1.03 - Path Traversal

CVE-2023-37601 HIGH

Office Suite Premium 10.9.1.42602 - Local File Inclusion via /etc/hosts

CVE-2023-31461 HIGH

SteelSeries GG <36.0.0 - Path Traversal

CVE-2023-2913 HIGH

Rockwell Automation ThinManager 13.0.0-13.0.1 - Path Traversal via API Feature

CVE-2023-37476 MEDIUM

OpenRefine <= 3.7.3 - Remote Code Execution via Malicious Project Tar File Import

CVE-2023-37781 MEDIUM

EMQX v4.3.8 - Path Traversal via Crafted .txt File Upload

CVE-2023-37461 MEDIUM

Metersphere < 2.10.3 - Path Traversal and Arbitrary File Write via BelongType Parameter

CVE-2023-38337 HIGH

rswag < 2.10.1 - Path Traversal and Arbitrary File Read via API Specification Endpoint

CVE-2023-37474 HIGH

copyparty < 1.8.2 - Path Traversal via .cpr Subfolder

CVE-2023-35069 HIGH

Bullwark Momentum Series < BLW-2016E-960H - Path Traversal

CVE-2023-34135 MEDIUM

SonicWall GMS & Analytics <9.3.2-SP1 - Path Traversal

CVE-2023-34129 HIGH

SonicWall GMS <9.3.2-SP1, Analytics <2.5.0.4-R7 - Path Traversal

CVE-2023-34125 MEDIUM

GMS <9.3.2-SP1 & Analytics <2.5.0.4-R7 - Path Traversal

CVE-2023-26564 CRITICAL

Syncfusion EJ2 ASPCore File Provider 3ac357f - Path Traversal

CVE-2023-26563 CRITICAL

Syncfusion EJ2 Node File Provider 0102271 - Path Traversal

CVE-2023-37960 MEDIUM

Jenkins MathWorks Polyspace Plugin < 1.0.5 - Arbitrary File Read via Email Attachment

CVE-2023-22887 MEDIUM

Apache Airflow < 2.6.3 - Authenticated Path Traversal via run_id Parameter

CVE-2023-34117 LOW

Zoom Client SDK <5.15.0 - Info Disclosure

CVE-2023-25606 MEDIUM

FortiAnalyzer and FortiManager 6.4.0-6.4.11, 7.0.0-7.0.5, 7.2.0-7.2.1 - Authenticated Path Traversal

CVE-2023-33989 HIGH

SAP NetWeaver (BI CONT ADD ON) <757 - Path Traversal

Previous Page 147 of 369 Next

Details

Vulnerabilities 9,206

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy