Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2022-4880 MEDIUM

stakira OpenUtau <0.0.991 - Path Traversal

CVE-2022-4878 MEDIUM

JATOS <3.7.5-alpha - Path Traversal

CVE-2022-37934 MEDIUM

HPE OfficeConnect 1820 and 1850 Switch Series - Remote Path Traversal

CVE-2022-38723 HIGH

Gravitee API Mgmt <3.15.13 - Path Traversal

CVE-2022-36943 HIGH

SSZipArchive < 2.5.3 - Arbitrary File Write via Symlink Path Traversal

CVE-2022-45867 HIGH

MyBB < 1.8.33 - Authenticated Path Traversal and Local File Inclusion via Admin CP Languages Module

CVE-2022-46309 MEDIUM

Vitals ESP 3.0.8-6.1.9 - Authenticated Path Traversal via Upload Function

CVE-2022-46306 HIGH

ChangingTec ServiSign - Path Traversal

CVE-2022-46305 MEDIUM

ChangingTec ServiSign - Path Traversal

CVE-2022-39040 HIGH

aEnrich a+HRD - Unauthenticated Path Traversal via Log Read Function

CVE-2022-38205 HIGH

Esri Portal for ArcGIS <10.9.1 - Path Traversal

CVE-2022-46178 HIGH

MeterSphere <2.5.1 - Path Traversal

CVE-2022-4779 HIGH

StreamX 6.02.01-6.04.34 - Unauthenticated Authentication Bypass via StreamView HTML Component

CVE-2022-4778 MEDIUM

StreamX 6.02.01-6.04.34 - Authenticated Path Traversal via Public Web Server Feature

CVE-2022-44564 HIGH

Huawei Aslan Children's Watch AL10 Firmware 11.1.0.118(c00m06)-11.1.0.10118(c00m06) - Path Traversal

CVE-2022-38202 HIGH

Esri ArcGIS Server <10.9.1 - Path Traversal

CVE-2022-4773 LOW

cloudsync < 2022-09-21 - Path Traversal in LocalFilesystemConnector getItem Function

CVE-2022-4772 MEDIUM

widoco < 2022-07-29 - Path Traversal in unZipIt Function

CVE-2022-4748 MEDIUM

FlatPress - Path Traversal via Delete File Argument in Media Manager

CVE-2022-45894 MEDIUM

Planet eStream < 6.72.10.07 - Path Traversal via GetFile.aspx

CVE-2022-44016 HIGH

Simmeth Lieferantenmanager <5.6 - Info Disclosure

CVE-2022-47945 CRITICAL

ThinkPHP Framework < 6.0.14 - Unauthenticated Local File Inclusion via Lang Parameter

CVE-2022-23854 HIGH

AVEVA InTouch Access Anywhere <2020 R2 - Path Traversal

CVE-2022-46171 MEDIUM

tauri 1.0.0-1.0.8 - Path Traversal via Glob Pattern Wildcards

CVE-2022-46492 MEDIUM

nbnbk - Path Traversal and Arbitrary File Read via /api/Index/getFileBinary

Previous Page 164 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy