Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2023-23946 MEDIUM

Git <2.39.2-2.30.8 - Path Traversal

CVE-2023-22629 HIGH

Titan FTP Server < 1.94.1205 - Authenticated Path Traversal via Move-File Function

CVE-2023-24188 CRITICAL

ureport v2.2.9 - Path Traversal and Arbitrary File Deletion via Deletion Function

CVE-2023-24804 MEDIUM

ownCloud Android <3.0 - Path Traversal

CVE-2023-24689 MEDIUM

Mojoportal <2.7.0.0 - Info Disclosure

CVE-2023-21448 MEDIUM

Samsung Cloud < 5.3.0.32 - Path Traversal

CVE-2023-24815 MEDIUM

Eclipse Vert.x-Web 4.0.0-4.3.7 - Path Traversal via StaticHandler on Windows

CVE-2023-0745 MEDIUM

YugabyteDB Anywhere 2.0.0.0-2.13.0.0 - Path Traversal and Arbitrary File Write via Backup Upload Endpoint

CVE-2023-23136 MEDIUM

lmxcms v1.41 - Arbitrary File Deletion via BackdbAction.class.php

CVE-2023-0454 HIGH

OrangeScrum 2.0.11 - Authenticated Arbitrary File Deletion via Path Traversal

CVE-2023-0593 MEDIUM

yaffshiv <= 0.1 - Path Traversal via Malicious YAFFS File

CVE-2023-0592 MEDIUM

jefferson < 0.4.1 - Path Traversal via JFFS2 Filesystem Extractor

CVE-2023-0591 MEDIUM

ubi_reader < 0.8.5 - Path Traversal via Crafted UBIFS Node Names

CVE-2023-24455 MEDIUM

Jenkins visualexpert Plugin <1.3 - Info Disclosure

CVE-2023-24449 MEDIUM

Jenkins PWauth Security Realm Plugin <0.4 - Info Disclosure

CVE-2023-24057 HIGH

HL7 FHIR Core Libraries <5.6.92 - Path Traversal

CVE-2023-23608 NONE

spotipy < 2.22.1 - Path Traversal via URI Parsing

CVE-2023-23314 HIGH

zdir 3.2.0 - Arbitrary File Upload and Remote Code Execution via /api/upload

CVE-2023-22726 HIGH

act < 0.2.40 - Path Traversal and Arbitrary File Write via Artifact Server

CVE-2023-0126 HIGH

SonicWall SMA1000 Firmware 12.4.2 - Unauthenticated Path Traversal

CVE-2023-0290 MEDIUM

Rapid7 Velociraptor - Path Traversal

CVE-2023-22320 HIGH

OpenAM Web Policy Agent - Path Traversal

CVE-2022-50953 MEDIUM

WordPress Plugin admin-word-count-column 2.2 Local File Read

CVE-2022-50956 MEDIUM

WordPress Plugin amministrazione-aperta 3.7.3 Local File Read

CVE-2022-50992 HIGH

Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet

Previous Page 158 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy