Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2022-2969 HIGH

Delta Industrial Automation DIALink < 1.5.0.0 Beta 4 - Path Traversal

CVE-2022-29837 MEDIUM

Western Digital My Cloud Home/Duo & SanDisk ibi <8.12.0-178 Path Traversal & Arbitrary File Write

CVE-2022-4031 LOW

Simple:Press <6.8 - Privilege Escalation

CVE-2022-4030 HIGH

Simple:Press < 6.8.0 - Path Traversal and Arbitrary File Deletion via Avatar File Parameter

CVE-2022-3361 MEDIUM

Ultimate Member <2.5.0 - Path Traversal

CVE-2022-25848 HIGH

static-dev-server - Path Traversal

CVE-2022-44635 HIGH

Apache Fineract < 1.8.1 - Authenticated Remote Code Execution via Path Traversal in File Upload

CVE-2022-45921 HIGH

FusionAuth < 1.41.3 - Path Traversal and Arbitrary File Read

CVE-2022-41158 HIGH

eyoom_builder < 4.5.3 - Remote Code Execution via Cookie Path Traversal

CVE-2022-41712 MEDIUM

Frappe 14.10.0 - Path Traversal via Import File Parameter

CVE-2022-40977 HIGH

Pilz PASvisu Server <1.12.0 - Path Traversal

CVE-2022-40976 MEDIUM

Pilz - Path Traversal

CVE-2022-44749 MEDIUM

KNIME Analytics Platform 3.2.0-4.6.4 - Path Traversal and Arbitrary File Write via ZIP Archive Extraction

CVE-2022-44748 HIGH

KNIME Server 4.3.0-4.13.6 - Authenticated Path Traversal and Arbitrary File Write via ZIP Archive Extraction

CVE-2022-45866 MEDIUM

qpress < 11.3 - Path Traversal via .. in .qp File

CVE-2022-44280 MEDIUM

Automotive Shop Management System v1.0 - File Deletion

CVE-2022-4065 MEDIUM

cbeust testng <7.5.1,7.7.1 - Path Traversal

CVE-2022-41840 HIGH

Welcart eCommerce <2.7.7 - Path Traversal

CVE-2022-39178 MEDIUM

webvendome - Internal Server IP and Full Path Disclosure via GET Request

CVE-2022-38165 CRITICAL

F-Secure Policy Manager <2022-08-10 - File Write

CVE-2022-3090 HIGH

Red Lion Controls Crimson <3.0-3.2.0044.0 - Path Traversal

CVE-2022-41920 MEDIUM

Lancet < 1.3.4 and 2.0.0-2.1.10 - Path Traversal via ZipSlip in fileutil Package

CVE-2022-42892 MEDIUM

syngo Dynamics < VA40G HF01 - Unauthenticated Directory Listing via Web Service Operation

CVE-2022-44006 CRITICAL

BACKCLICK Professional <5.9.63 - RCE

CVE-2022-44008 MEDIUM

BACKCLICK Professional <5.9.63 - Info Disclosure

Previous Page 167 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy