Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,214 vulnerabilities with CWE-22

CVE-2023-20167 MEDIUM

Cisco Identity Services Engine - Authenticated Path Traversal

CVE-2023-20166 MEDIUM

Cisco Identity Services Engine - Authenticated Path Traversal

CVE-2023-20087 MEDIUM

Cisco Identity Services Engine < 3.1 - Authenticated Path Traversal

CVE-2023-20077 MEDIUM

Cisco Identity Services Engine - Authenticated Arbitrary File Download via Crafted HTTP Requests

CVE-2023-32767 HIGH

Symcon IP-Symcon < 6.3 - Path Traversal via URL

CVE-2023-31904 HIGH

savysoda Wifi HD Wireless Disk Drive 11 - Local File Inclusion

CVE-2023-2745 MEDIUM

WordPress < 6.2 - Unauthenticated Directory Traversal via wp_lang Parameter

CVE-2023-30509 MEDIUM

Aruba EdgeConnect Enterprise < 9.0.8.0 - Authenticated Path Traversal via Command Line Interface

CVE-2023-30508 MEDIUM

Aruba EdgeConnect Enterprise < 9.0.8.0 - Authenticated Path Traversal via CLI

CVE-2023-30507 MEDIUM

Aruba EdgeConnect Enterprise < 9.0.8.0 - Authenticated Path Traversal

CVE-2023-2196 MEDIUM

Jenkins Code Dx Plugin <3.1.0 - Info Disclosure

CVE-2023-32985 MEDIUM

Jenkins Sidebar Link Plugin < 2.2.1 - Path Traversal via Form Validation

CVE-2023-31131 HIGH

Greenplum Database <6.22.3 - Path Traversal

CVE-2023-32309 HIGH

PyMdown Extensions 1.5.0-9.9.9 - Arbitrary File Read via Snippets Include Syntax

CVE-2023-23169 MEDIUM

Synapsoft pdfocus 1.17 - Path Traversal and Server-Side Request Forgery

CVE-2023-31477 HIGH

GL.iNet Firmware < 3.216 - Path Traversal via File Sharing Feature

CVE-2023-30172 HIGH

MLflow < 2.0.1 - Path Traversal via /get-artifact API Path Parameter

CVE-2023-29986 MEDIUM

spring-boot-actuator-logview 0.2.13 - Path Traversal via LogViewEndpoint.view

CVE-2023-31166 MEDIUM

SEL RTAC Module Firmware < r150-v2 - Authenticated Path Traversal via Web Interface

CVE-2023-27562 MEDIUM

n8n < 0.216.1 - Path Traversal

CVE-2023-26126 HIGH

m.static < 2.2.0 - Path Traversal via requestFile Function

CVE-2023-28127 HIGH

Ivanti Avalanche < 6.3.4.153 - Path Traversal and Information Disclosure via getLogFile

CVE-2023-20098 MEDIUM

Cisco SDWAN vManage Software - Path Traversal

CVE-2023-29128 LOW

SIMATIC Cloud Connect 7 - Path Traversal

CVE-2023-29104 MEDIUM

SIMATIC Cloud Connect 7 - Path Traversal

Previous Page 152 of 369 Next

Details

Vulnerabilities 9,214

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy