Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22

CVE-2022-24785 HIGH

Moment.js 1.0.1-2.29.1 - Path Traversal via Locale Switching

CVE-2022-1166 MEDIUM

JobMonster < 4.6.6.1 - Unauthenticated Directory Listing in Uploads Folder

CVE-2022-27248 MEDIUM

IdeaRE RefTree < 2021.09.17 - Authenticated Path Traversal via DownloadDwg Endpoint

CVE-2022-26233 HIGH

Barco Control Room Management <2.9 Build 0275 - Path Traversal

CVE-2022-28380 HIGH

rc-httpd <2022-03-31 - Path Traversal

CVE-2022-26019 HIGH

pfSense CE <2.6.0 - Privilege Escalation

CVE-2022-23793 HIGH

Joomla! 3.0.0-3.10.6 and 4.0.0-4.1.0 - Path Traversal via Tar Package Extraction

CVE-2022-25347 CRITICAL

Delta Electronics DIAEnergie < 1.8.02.004 - Path Traversal and Arbitrary File Write

CVE-2022-28157 MEDIUM

Jenkins Pipeline: Phoenix AutoTest Plugin < 1.3 - Arbitrary File Upload via FTP

CVE-2022-28156 MEDIUM

Jenkins Pipeline: Phoenix AutoTest Plugin < 1.3 - Path Traversal via Agent Workspace Copy

CVE-2022-28148 MEDIUM

Jenkins Continuous Integration with Toad Edge Plugin < 2.3 - Path Traversal via File Browser

CVE-2022-28146 MEDIUM

Jenkins Continuous Integration with Toad Edge Plugin < 2.3 - Arbitrary File Read via Input Folder Parameter

CVE-2022-0679 CRITICAL

Narnoo Distributor WordPress <2.5.1 - Info Disclosure

CVE-2022-0493 MEDIUM

String locator WordPress <2.5.0 - Path Traversal

CVE-2022-26252 MEDIUM

aaPanel 6.8.21 - Path Traversal

CVE-2022-27906 MEDIUM

Mendelson OFTP2 < 1.1b43 - Path Traversal via Odette ID

CVE-2022-25267 HIGH

Passwork < 4.6.13 - Path Traversal via Migration Upload Endpoint

CVE-2022-25266 MEDIUM

Passwork < 4.6.13 - Path Traversal via Migration/Download Export File

CVE-2022-24731 MEDIUM

Argo CD <2.1.11, 2.2.6, 2.3.0 - Path Traversal

CVE-2022-24730 HIGH

Argo CD <2.1.11, 2.2.6, 2.3.0 - Path Traversal

CVE-2022-24774 HIGH

CycloneDX BOM Repository Server < 2.0.1 - Path Traversal and Denial of Service via Directory Manipulation

CVE-2022-23347 HIGH

BigAnt Server 5.6.06 - Path Traversal

CVE-2022-26960 CRITICAL

std42 elFinder <2.1.60 - Path Traversal

CVE-2022-26500 HIGH KEV

Veeam Backup & Replication <11.x - Code Injection

CVE-2022-21221 MEDIUM

fasthttp < 1.34.0 - Directory Traversal via Backslash Character in ServeFile Path

Previous Page 185 of 369 Next

Details

Vulnerabilities 9,220

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy