Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,214 vulnerabilities with CWE-22

CVE-2023-34598 CRITICAL

Gibbon v25.0.0 - Local File Inclusion via Path Traversal

CVE-2023-34843 HIGH

Traggo Server 0.3.0 - Path Traversal via Crafted GET Request

CVE-2023-32623 CRITICAL

Snow Monkey Forms < 5.1.2 - Unauthenticated Path Traversal and Arbitrary File Deletion

CVE-2023-3331 MEDIUM

NEC Corporation Aterm - Path Traversal

CVE-2023-3330 MEDIUM

NEC Corporation Aterm - Path Traversal

CVE-2023-30945 CRITICAL

Multiple Services - Unauthenticated File Read/Write

CVE-2023-32557 CRITICAL

Trend Micro Apex One < 14.0.12105 - Unauthenticated Path Traversal and Remote Code Execution

CVE-2023-32522 HIGH

Trend Micro Mobile Security (Enterprise) 9.8 SP5 - Authenticated Path Traversal and Arbitrary File Deletion

CVE-2023-32521 CRITICAL

Trend Micro Mobile Security (Enterprise) 9.8 SP5 - Unauthenticated Path Traversal and Arbitrary File Deletion

CVE-2023-36301 HIGH

Talend Data Catalog <8.0-20230221 - Path Traversal

CVE-2023-25307 HIGH

mrpack-install < 0.16.3 - Path Traversal

CVE-2023-25306 HIGH

MultiMC Launcher <= 0.6.16 - Path Traversal

CVE-2023-36612 HIGH

Basecamp bc3 <4.2.1 - Path Traversal

CVE-2023-35169 CRITICAL

webklex/php-imap < 5.3.0 - Unauthenticated Path Traversal and Remote Code Execution via Attachment Filename

CVE-2023-35801 HIGH

Safe FME Server < 2022.2.5 - Authenticated Path Traversal and Arbitrary File Write via Network Resource Connection

CVE-2023-34939 CRITICAL

ONLYOFFICE Community Server < 12.5.2 - Remote Code Execution via UploadProgress.ashx

CVE-2023-35843 HIGH

NocoDB < 0.106.1 - Unauthenticated Path Traversal via /download Route

CVE-2023-35852 HIGH

Suricata < 6.0.13 - Path Traversal and Arbitrary File Write via Dataset Filename

CVE-2023-35844 HIGH

lightdash < 0.510.3 - Path Traversal and Arbitrary File Write via Insecure File Endpoints

CVE-2023-35840 MEDIUM

elFinder < 2.1.62 - Path Traversal via LocalVolumeDriver Connector

CVE-2023-25186 MEDIUM

Nokia Airscale ASIKA Firmware - Path Traversal in AaShell Diagnostic Tool

CVE-2023-34645 HIGH

jfinal_cms 5.1.0 - Arbitrary File Read

CVE-2023-34880 CRITICAL

cmseasy v7.7.7.7 20230520 - Path Traversal and Arbitrary Code Execution via add_action Method

CVE-2023-2270 HIGH

Netskope < 100 - Local Path Traversal and Arbitrary File Write via Relative Path Handling

CVE-2023-34865 CRITICAL

ujcms 6.0.2 - Path Traversal via Rename Feature

Previous Page 149 of 369 Next

Details

Vulnerabilities 9,214

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy