Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2022-20850 MEDIUM

Cisco SD-WAN vBond, vManage, vSmart & IOS XE SD-WAN - Authenticated Arbitrary File Deletion via CLI

CVE-2022-20818 HIGH

Cisco SD-WAN < 20.9 - Authenticated Privilege Escalation via CLI Command Injection

CVE-2022-20775 HIGH KEV

Cisco SD-WAN Software - Privilege Escalation

CVE-2022-2922 MEDIUM

Dnnsoftware Dotnetnuke < 9.11.0 - Path Traversal

CVE-2022-40082 HIGH

Hertz 0.3.0 - Path Traversal via normalizePath Function

CVE-2022-39261 HIGH

Twig < 1.44.7, 2.x < 2.15.3, 3.x < 3.4.3 - Path Traversal via Namespace Bypass

CVE-2022-28814 CRITICAL

Carlo Gavazzi UWP3.0 - Path Traversal

CVE-2022-39034 MEDIUM

Smart eVision - Path Traversal in Report API

CVE-2022-39033 CRITICAL

Smart eVision - Unauthenticated Path Traversal and Arbitrary File Deletion via URL Parameter

CVE-2022-40199 LOW

EC-CUBE 3.0.0-3.0.18-p4 and 4.0.0-4.1.2 - Authenticated Path Traversal

CVE-2022-2926 MEDIUM

Adobe Download Manager < 3.2.55 - Authenticated Path Traversal via Unvalidated Setting

CVE-2022-41352 CRITICAL KEV

Zimbra Collaboration <9.0 - Privilege Escalation

CVE-2022-34026 HIGH

ICEcoder 8.1 - Path Traversal

CVE-2022-40444 MEDIUM

ZZCMS 2022 - Full Path Disclosure via /admin/index.PHP

CVE-2022-40443 MEDIUM

ZZCMS 2022 - Path Traversal via /one/siteinfo.php GET Request

CVE-2022-28981 HIGH

Liferay Portal <7.4.3 - Path Traversal

CVE-2022-29799 MEDIUM

Microsoft Windows Defender For Endpoint - Path Traversal

CVE-2022-41231 MEDIUM

Jenkins Build-Publisher Plugin <1.22 - Privilege Escalation

CVE-2022-2265 HIGH

Identity and Directory Management System < 2.1.25 - Unauthenticated Path Traversal

CVE-2022-39221 HIGH

McWebserver Minecraft Mod Path Traversal via HTTP Request

CVE-2022-38340 CRITICAL

Safe Software FME Server <2022.0.0.2 - Path Traversal

CVE-2022-23767 HIGH

SecureGate - Unauthenticated SQL Injection and Path Traversal via Login and File Transfer

CVE-2022-40608 HIGH

IBM Spectrum Protect Plus 10.1.6-10.1.11 - Path Traversal via Microsoft File Systems Restore URL

CVE-2022-40715 MEDIUM

NOKIA 1350OMS R14.2 - Authenticated Path Traversal via Logfile Parameter

CVE-2022-40713 MEDIUM

NOKIA 1350OMS R14.2 - Authenticated Path Traversal via File Parameter

Previous Page 171 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy