Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,214 vulnerabilities with CWE-22

CVE-2023-34125 MEDIUM

GMS <9.3.2-SP1 & Analytics <2.5.0.4-R7 - Path Traversal

CVE-2023-26564 CRITICAL

Syncfusion EJ2 ASPCore File Provider 3ac357f - Path Traversal

CVE-2023-26563 CRITICAL

Syncfusion EJ2 Node File Provider 0102271 - Path Traversal

CVE-2023-37960 MEDIUM

Jenkins MathWorks Polyspace Plugin < 1.0.5 - Arbitrary File Read via Email Attachment

CVE-2023-22887 MEDIUM

Apache Airflow < 2.6.3 - Authenticated Path Traversal via run_id Parameter

CVE-2023-34117 LOW

Zoom Client SDK <5.15.0 - Info Disclosure

CVE-2023-25606 MEDIUM

FortiAnalyzer and FortiManager 6.4.0-6.4.11, 7.0.0-7.0.5, 7.2.0-7.2.1 - Authenticated Path Traversal

CVE-2023-33989 HIGH

SAP NetWeaver (BI CONT ADD ON) <757 - Path Traversal

CVE-2023-35887 MEDIUM

Apache MINA SSHD < 2.9.3 - Path Traversal via Parent Navigation

CVE-2023-1183 MEDIUM

LibreOffice < 7.4.6 - Path Traversal and Arbitrary File Write via ODB Script Command

CVE-2023-37288 MEDIUM

SmartBPM.NET - Unauthenticated Path Traversal via File Download Function

CVE-2023-36460 CRITICAL

Mastodon <3.5.9, <4.0.5, <4.1.3 - Remote Code Execution

CVE-2023-23907 HIGH

Milesight VPN <2.0.2 - Path Traversal

CVE-2023-23547 MEDIUM

Milesight UR32L v32.3.0.5 - Path Traversal via luci2-io File-Export MIB Functionality

CVE-2023-30678 MEDIUM

Samsung Calendar < 12.4.07.15 - Path Traversal and Arbitrary File Write

CVE-2023-24256 HIGH

NIO EC6 Aspen <v3.3.0 - Privilege Escalation

CVE-2023-36827 HIGH

Fides < 2.15.1 - Path Traversal

CVE-2023-36822 MEDIUM

Uptime Kuma <1.22.1 - Path Traversal

CVE-2023-35975 MEDIUM

ArubaOS 6.5.4.0-8.6.0.21 - Authenticated Path Traversal via Command Line Interface

CVE-2023-2880 HIGH

Frauscher Sensortechnik GmbH FDS001 - Path Traversal

CVE-2023-36819 MEDIUM

Knowage 6.0.0-8.1.7 - Authenticated Path Traversal via _templateName_ Parameter

CVE-2023-35947 MEDIUM

Gradle < 7.6.2 - Path Traversal and Arbitrary File Write via Tar Archive Extraction

CVE-2023-35946 MEDIUM

Gradle < 7.6.2 - Path Traversal and Arbitrary File Write via Dependency Coordinates

CVE-2023-32608 MEDIUM

Pleasanter < 1.3.39.2 - Authenticated Path Traversal and Arbitrary File Write

CVE-2023-33277 HIGH

Gira Giersiepen Gira KNX/IP-Router <3.3.8.0 - Path Traversal

Previous Page 148 of 369 Next

Details

Vulnerabilities 9,214

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy