Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,116 vulnerabilities with CWE-22

CVE-2026-6903 HIGH

Path Traversal Vulnerability in LabOne User Interface

CVE-2026-41211 CRITICAL

`vite-plus/binding` has path traversal `downloadPackageManager()` that leads to writes outside of `VP_HOME`

CVE-2026-41180 HIGH

PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart

CVE-2026-4917 MEDIUM

IBM Guardium Data Protection is affected by multiple vulnerabilities

CVE-2026-40062 HIGH

Ziostation2 <= 2.9.8.7 - Unauthenticated Path Traversal

CVE-2026-33656 CRITICAL

EspoCRM vulnerable to authenticated RCE via Formula with path traversal in attachment `sourceId`, exploitable by admin user

CVE-2026-34414 HIGH

Xerte Online Toolkits Path Traversal via connector.php

CVE-2026-35363 MEDIUM

uutils coreutils rm Safeguard Bypass via Improper Path Normalization

CVE-2026-35338 HIGH

uutils coreutils chmod Path Traversal Bypass of --preserve-root

CVE-2026-32885 MEDIUM

DDEV has ZipSlip path traversal in tar and zip archive extraction

CVE-2026-6855 HIGH

InstructLab - Path Traversal Arbitrary File Write

CVE-2026-4280 MEDIUM

Breaking News WP <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read

CVE-2026-41062 MEDIUM

AVideo <=29.0 ReceiveImage downloadURL - Path Traversal

CVE-2026-41058 HIGH

AVideo <=29.0 CloneSite deleteDump - Path Traversal

CVE-2026-6832 HIGH

Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id

CVE-2026-6829 MEDIUM

nesquena hermes-webui Arbitrary Workspace Directory Access

CVE-2026-40923 MEDIUM

Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check

CVE-2026-40909 HIGH

WWBN AVideo <= 29.0 - Path Traversal Remote Code Execution

CVE-2026-40876 HIGH

SFTP root escape via prefix-based path validation in goshs

CVE-2026-41193 CRITICAL

FreeScout < 1.8.215 - Zip Slip Remote Code Execution

CVE-2026-40611 HIGH

Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

CVE-2026-40576 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server

CVE-2026-40050 CRITICAL

CrowdStrike LogScale Unauthenticated Path Traversal

CVE-2026-32147 MEDIUM

SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

CVE-2026-39973 HIGH

Apktool: Path Traversal to Arbitrary File Write

Previous Page 17 of 365 Next

Details

Vulnerabilities 9,116

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy