Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,214 vulnerabilities with CWE-22

CVE-2023-33544 MEDIUM

hawtio 2.17.2 - Path Traversal and Arbitrary File Write via Malicious Zip File Decompression

CVE-2023-29159 HIGH

Starlette 0.13.5-0.26.9 - Unauthenticated Path Traversal

CVE-2023-2909 HIGH

ASUSTOR ADM < 4.0.6.REG2, 4.1.0, 4.2.1.RGE2 - Path Traversal and Arbitrary File Deletion via EZ Sync Service

CVE-2023-2435 HIGH

Blog-in-Blog < 2.0.0 - Authenticated Local File Inclusion via Shortcode Attribute

CVE-2023-30197 HIGH

myinventory <= 1.6.6 - Unauthenticated Path Traversal

CVE-2023-28344 HIGH

Faronics Insight 10.0.19045 - Unauthenticated Screenshot Spoofing and Information Disclosure

CVE-2023-33177 HIGH

Xibo CMS <2.3.17-3.3.5 - Path Traversal

CVE-2023-30196 HIGH

salesbooster <= 1.10.4 - Path Traversal via Download Endpoint

CVE-2023-29380 HIGH

Warpinator < 1.6.0 - Remote File Deletion via Directory Traversal in top_dir_basenames

CVE-2023-32676 MEDIUM

Autolab < 2.11.0 - Authenticated Path Traversal via Tar Archive Extraction

CVE-2023-32317 MEDIUM

Autolab < 2.11.0 - Authenticated Path Traversal and Arbitrary File Write via MOSS Cheat Checker Tar Archive

CVE-2023-32315 HIGH KEV

Openfire authentication bypass with RCE plugin

CVE-2023-27311 MEDIUM

NetApp Blue XP Connector <3.9.25 - Info Disclosure

CVE-2023-2825 CRITICAL

GitLab Authenticated File Read

CVE-2023-28382 HIGH

ESS REC Agent Server Edition < 1.4.3 - Authenticated Path Traversal

CVE-2023-26216 CRITICAL

TIBCO EBX Add-ons <4.5.16 - File Upload

CVE-2023-26215 HIGH

TIBCO EBX Add-ons <4.5.16 - Info Disclosure

CVE-2023-31861 HIGH

ZLMediaKit 4.0 - Path Traversal

CVE-2023-28413 CRITICAL

Snow Monkey Forms < 5.0.6 - Unauthenticated Path Traversal

CVE-2023-28408 CRITICAL

MW WP Form < 4.4.2 - Unauthenticated Path Traversal

CVE-2023-27507 CRITICAL

MicroEngine Mailform 1.1.0-1.1.8 - Path Traversal and Arbitrary File Write via File Upload Function

CVE-2023-27067 HIGH

Sitecore Experience Platform <10.2 - Path Traversal

CVE-2023-27066 MEDIUM

Site Core Experience Platform <10.2 - Path Traversal

CVE-2023-30199 HIGH

customexporter <= 1.7.20 - Path Traversal via Download Endpoint

CVE-2023-32322 MEDIUM

Ombi < 4.38.2 - Authenticated Arbitrary File Read via LogFileName Parameter

Previous Page 151 of 369 Next

Details

Vulnerabilities 9,214

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy