Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2022-46255 CRITICAL

GitHub Enterprise Server <3.7.0 - RCE

CVE-2022-23512 HIGH

MeterSphere < 2.4.1 - Path Traversal via ApiTestCaseService

CVE-2022-4494 MEDIUM

mcp_mapping_viewer < 2022-09-22 - Path Traversal in RemoteZipHandler

CVE-2022-4493 MEDIUM

scifio < 0.43.3 - Path Traversal in ZIP File Handler

CVE-2022-34271 HIGH

Apache Atlas 0.8.4-2.2.0 - Authenticated Path Traversal and Arbitrary File Write

CVE-2022-40264 MEDIUM

GENESIS64 10.96-10.97.2 - Unauthenticated Path Traversal via Crafted Project Package Import

CVE-2022-20449 MEDIUM

Android - Path Traversal in UserManagerService

CVE-2022-29580 HIGH

Google Search < 13.41 - Path Traversal via Symbolic Encoded String Bypass

CVE-2022-45269 HIGH

Linx Sphere LINX 7.35.ST15 - Path Traversal in SCS.Web.Server.SPI

CVE-2022-44653 HIGH

Trend Micro Apex One < 14.0.11789 - Local Privilege Escalation via Directory Traversal

CVE-2022-44532 MEDIUM

Aruba EdgeConnect Enterprise < 8.3.7.1 - Authenticated Path Traversal via CLI

CVE-2022-43518 MEDIUM

Aruba EdgeConnect Enterprise <9.2.1.0-8.3.7.1 - Path Traversal

CVE-2022-37906 MEDIUM

ArubaOS 6.5.4.0-6.5.4.21 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.5 - Authenticated Path Traversal

CVE-2022-4402 MEDIUM

docsys < 2.02.37 - Path Traversal via ZIP File Decompression Handler

CVE-2022-45290 CRITICAL

kbase_doc v1.0 - Arbitrary File Deletion via IndexController

CVE-2022-46826 MEDIUM

JetBrains IntelliJ IDEA <2022.3 - Path Traversal

CVE-2022-4123 LOW

Podman - Path Traversal

CVE-2022-41720 HIGH

Windows - Info Disclosure

CVE-2022-44942 HIGH

Casdoor < 1.126.1 - Arbitrary File Deletion via uploadFile Function

CVE-2022-45833 MEDIUM

Easy WP SMTP <= 1.5.1 - Authenticated Path Traversal

CVE-2022-45829 HIGH

Easy WP SMTP <= 1.5.1 - Authenticated Path Traversal

CVE-2022-44900 CRITICAL

Py7zr < 0.20.1 - Path Traversal

CVE-2022-46154 HIGH

Kodexplorer <4.50 - Info Disclosure

CVE-2022-23470 HIGH

Galaxy 22.01-22.05 - Arbitrary File Read via Gunicorn Static Content Handling

CVE-2022-42706 MEDIUM

Sangoma Asterisk Path Traversal via Asterisk Manager Interface GetConfig

Previous Page 166 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy