Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2023-1467 MEDIUM

SourceCodester Student Study Center Desk Management System 1.0 - Pa...

CVE-2023-21456 CRITICAL

Samsung Android Galaxy Themes Service - Path Traversal

CVE-2023-28105 HIGH

go-huge-util < 0.0.34 - Path Traversal via ZipSlip in fsutil Unzip

CVE-2023-25345 HIGH

swig-templates < 2.0.4 and swig < 1.4.2 - Path Traversal via Include or Extends Tags

CVE-2023-25804 HIGH

Roxy-WI < 6.3.5.0 - Path Traversal via SSH Key Save

CVE-2023-28371 CRITICAL

Stellarium < 1.2 - Path Traversal and Arbitrary File Write

CVE-2023-27588 HIGH

Hasura GraphQL Engine < 1.3.4 - Path Traversal

CVE-2023-1398 MEDIUM

XiaoBingBy TeaCMS 2.0 - Path Traversal

CVE-2023-27501 HIGH

SAP NetWeaver AS ABAP and ABAP Platform 700-757, 791 - Path Traversal and Arbitrary File Deletion

CVE-2023-27500 CRITICAL

SAP NetWeaver Application Server ABAP - Authenticated Path Traversal and Arbitrary File Write via SAPRSBRO

CVE-2023-27269 CRITICAL

SAP NetWeaver Application Server for ABAP and ABAP Platform - Path ...

CVE-2023-25803 HIGH

roxy-wi < 6.3.5.0 - Path Traversal and Arbitrary File Read

CVE-2023-25802 HIGH

roxy-wi < 6.3.6.0 - Path Traversal via Directory Traversal Sequences

CVE-2023-27577 MEDIUM

flarum < 1.7.0 - Authenticated Path Traversal via LESS Parser

CVE-2023-25814 HIGH

metersphere < 2.7.1 - Path Traversal via Resource File Submission

CVE-2023-23760 MEDIUM

GitHub Enterprise Server < 3.4.17 - Remote Code Execution via GitHub Pages Site Build

CVE-2023-27475 HIGH

goutil < 0.6.0 - Path Traversal via ZipSlip in fsutil.Unzip

CVE-2023-25304 HIGH

Prism Launcher < 6.1 - Path Traversal via Crafted .mrpack File Import

CVE-2023-1191 MEDIUM

fastcms - Path Traversal in ZIP File Handler

CVE-2023-26111 HIGH

@nubosoftware/node-static - Path Traversal

CVE-2023-22336 CRITICAL

dos-osaka SS1 < 13.0.0.40 and Rakuraku PC Cloud Agent < 2.1.8 - Path Traversal and Arbitrary File Write

CVE-2023-1163 MEDIUM

DrayTek Vigor 2960 1.5.1.4/1.5.1.5 - Path Traversal via getSyslogFile Option

CVE-2023-1112 MEDIUM

Drag and Drop Multiple File Upload Contact Form 7 < 5.0.6.3 - Path Traversal via upload_name Parameter

CVE-2023-22776 MEDIUM

ArubaOS 8.6.0.0-8.6.0.18 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.7 - Authenticated Path Traversal

CVE-2023-22774 HIGH

ArubaOS 8.6.0.0-8.6.0.18 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.7 - Authenticated Path Traversal

Previous Page 156 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy