Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2022-20723 MEDIUM

Cisco IOS XE IOx Application Hosting - Path Traversal

CVE-2022-20722 MEDIUM

Cisco IOS XE IOx Application Hosting - Path Traversal

CVE-2022-20721 MEDIUM

Cisco IOS XE IOx Application Hosting - Path Traversal

CVE-2022-20720 MEDIUM

Cisco IOS XE IOx Application Hosting - Symlink Path Traversal

CVE-2022-20719 MEDIUM

Cisco IOS XE IOx Application Hosting - Path Traversal

CVE-2022-20718 MEDIUM

Cisco IOS XE IOx - Command Injection, Code Execution, Install Bypass, and XSS

CVE-2022-20677 MEDIUM

Cisco IOx - Path Traversal

CVE-2022-24843 HIGH

gin-vue-admin < 2.5.1 - Path Traversal and Arbitrary File Read

CVE-2022-28052 HIGH

Roothub 2.6.0 - Path Traversal and Arbitrary File Write via FileSystemStorageService

CVE-2022-22279 MEDIUM

Secure Remote Access/SMA <9.0.0.5-19sv - Info Disclosure

CVE-2022-0436 MEDIUM

gruntjs/grunt <1.5.2 - Path Traversal

CVE-2022-27657 LOW

SAP Focused Run Simple Diagnostics Agent 1.0 - Path Traversal

CVE-2022-24248 MEDIUM

RiteCMS < 3.1.0 - Authenticated Arbitrary File Deletion via Path Traversal

CVE-2022-24247 MEDIUM

ritecms < 3.1.0 - Authenticated Arbitrary File Overwrite via Path Traversal

CVE-2022-28544 MEDIUM

Galaxy store <4.5.40.5 - Path Traversal

CVE-2022-28543 MEDIUM

Samsung Flow <4.8.07.4 - Path Traversal

CVE-2022-28541 MEDIUM

Samsung Update < 3.0.77.0 - Unauthenticated Arbitrary Code Execution via Uncontrolled Search Path

CVE-2022-27844 LOW

WPvivid Migration, Backup, Staging < 0.9.71 - Arbitrary File Read

CVE-2022-27836 HIGH

Android Storage Manager < SMR Apr-2022 Release 1 - Improper Access Control and Path Traversal

CVE-2022-27279 HIGH

InRouter 900 Firmware < 1.0.0.r11700 - Path Traversal and Arbitrary File Read via sub_177E0

CVE-2022-27277 CRITICAL

InRouter 900 Firmware < 1.0.0.r11700 - Arbitrary File Deletion via sub_17C08 Function

CVE-2022-26675 HIGH

aEnrich a+HRD - Unauthenticated Path Traversal via URL Special Character Bypass

CVE-2022-23971 HIGH

ASUS RT-AX56U Firmware - Unauthenticated Path Traversal via update_PLC/PORT URL Parameter

CVE-2022-23970 HIGH

ASUS RT-AX56U Firmware - Unauthenticated Path Traversal via URL Parameter

CVE-2022-23732 HIGH

GitHub Enterprise Server < 3.1.19 - Path Traversal and CSRF Bypass in Management Console

Previous Page 184 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy