Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2022-35204 MEDIUM

vitejs/vite < 2.9.13 - Path Traversal via Crafted URL

CVE-2022-37060 HIGH

FLIR AX8 Firmware <= 1.46.16 - Unauthenticated Directory Traversal

CVE-2022-1373 HIGH

Softing Secure Integration Server v1.22 Remote Code Execution

CVE-2022-34254 HIGH

Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Path Traversal

CVE-2022-36007 MEDIUM

Venice < 1.10.17 - Partial Path Traversal via Absolute Path Handling

CVE-2022-37423 HIGH

Neo4j APOC < 4.3.0.7 and 4.4.0.0-4.4.0.8 - Path Traversal via apoc.log.stream

CVE-2022-37042 CRITICAL KEV

Zimbra Collaboration Suite 8.8.15/9.0 - Path Traversal & RCE via mboximport

CVE-2022-38129 CRITICAL

Keysight Sensor Mgmt Server - Path Traversal

CVE-2022-29804 HIGH

GO < 1.17.11 - Path Traversal

CVE-2022-34365 MEDIUM

Dell Wyse Management Suite < 3.8.0 - Path Traversal in Device API

CVE-2022-20816 MEDIUM

Cisco Unified Communications Manager 11.5(1)-14su2 - Authenticated Arbitrary File Deletion via HTTP Request

CVE-2022-36831 MEDIUM

Samsung Notes < 4.3.14.39 - Path Traversal via UriFileUtils

CVE-2022-33715 MEDIUM

LauncherProvider <SMR Aug-2022 Release 1 - Path Traversal

CVE-2022-31662 HIGH

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation - Path Traversal

CVE-2022-2531 MEDIUM

GitLab EE <15.0.5-15.2.1 - Path Traversal

CVE-2022-31793 HIGH

muhttpd < 1.1.7 - Path Traversal via Single-Character Prefix Bypass

CVE-2022-31473 MEDIUM

BIG-IP <16.1.1, 15.1.4 - Auth Bypass

CVE-2022-35216 HIGH

OMICARD EDM >=5.8 <6.0 - Unauthenticated Path Traversal via Mail Image Relay Function

CVE-2022-32963 HIGH

OMICARD EDM >=5.8 <6.0 - Unauthenticated Path Traversal via Mail File Relay Function

CVE-2022-2653 MEDIUM

Planka - Information Disclosure via Path Traversal

CVE-2022-27621 MEDIUM

Synology USB Copy < 2.2.0-1086 - Authenticated Path Traversal and Arbitrary File Write via WebAPI Component

CVE-2022-27620 MEDIUM

Synology SSO Server < 2.2.3-0331 - Authenticated Path Traversal via WebAPI Component

CVE-2022-27618 MEDIUM

Synology Storage Analyzer < 2.1.0-0390 - Authenticated Path Traversal and Arbitrary File Deletion via WebAPI Component

CVE-2022-27617 MEDIUM

Synology Calendar < 2.3.4-0631 - Authenticated Path Traversal via WebAPI Component

CVE-2022-30572 MEDIUM

TIBCO iWay Service Manager < 8.0.7 - Path Traversal in Console Component

Previous Page 174 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy