Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2022-37700 HIGH

Zentao Demo15 - Directory Traversal via getconfig Mode Parameter

CVE-2022-39210 LOW

Nextcloud Android < 3.21.0 - Path Traversal

CVE-2022-39001 HIGH

Number Identification Module - Path Traversal

CVE-2022-2863 MEDIUM

WordPress Plugin <0.9.76 - Path Traversal

CVE-2022-34002 MEDIUM

PDS Vista 7 < 7.1.7.2 - Authenticated Local File Inclusion via Document Parameter

CVE-2022-39215 HIGH

tauri < 1.0.6 - Directory Traversal via Symbolic Link in readDir

CVE-2022-1798 HIGH

kubevirt 0.20.0-0.55.1 - Path Traversal

CVE-2022-40734 MEDIUM

UniSharp Laravel Filemanager < 2.6.4 - Path Traversal via Download Endpoint

CVE-2022-38301 HIGH

Onedev v7.4.14 - Path Traversal via Crafted JAR File Upload

CVE-2022-36113 MEDIUM

Cargo < 0.65.0 - Arbitrary File Corruption via .cargo-ok Symlink Extraction

CVE-2022-37703 LOW

Amanda 3.5.1 - Directory Existence Disclosure via calcsize SUID Binary

CVE-2022-20395 HIGH

Android -11,12,12L,13 - Path Traversal

CVE-2022-32190 HIGH

GO - Path Traversal

CVE-2022-26049 MEDIUM

com.diffplug.gradle:goomph <3.37.2 - Code Injection

CVE-2022-38638 CRITICAL

Casdoor < 1.103.1 - Arbitrary File Write via FullFilePath Parameter

CVE-2022-38614 HIGH

SmartVista Cardgen <3.28.0 - Path Traversal

CVE-2022-38613 MEDIUM

SmartVista Cardgen <3.28.0 - Path Traversal

CVE-2022-28741 HIGH

aEnrich a+HRD 5.0-5.4.1125v112 - Local File Inclusion via Missing Input Validation

CVE-2022-37299 MEDIUM

Shirne CMS 1.2.0 - Path Traversal via UEditor Controller

CVE-2022-36850 MEDIUM

Android CallBGProvider - Path Traversal and Arbitrary File Write

CVE-2022-38258 HIGH

D-Link DIR-819 Firmware 1.06 - Local File Inclusion and Denial of Service via getpage Parameter

CVE-2022-36081 HIGH

wikmd < 1.7.1 - Path Traversal via /list Endpoint

CVE-2022-36065 HIGH

growthbook < 1.6.0 - Unauthenticated Path Traversal and Remote Code Execution via File Upload

CVE-2022-2945 MEDIUM

Ajax Load More < 5.5.3 - Authenticated Path Traversal via 'type' Parameter

CVE-2022-2943 MEDIUM

Ajax Load More < 5.5.4 - Authenticated Arbitrary File Read via alm_repeaters_export()

Previous Page 172 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy