CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
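The weakness in one program: an added example (not code from this page or from any of the projects listed below) showing the naive concatenation the description refers to next to a containment check that resolves the path first and then verifies it still sits beneath the restricted directory. The base directory `/srv/www`, the function names `vulnerableJoin` and `safeJoin`, and the sample inputs are all assumptions constructed for the example. Backslashes are normalized before the check because they are separators on Windows and are one of the bypass classes that appears in the entries below.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a user-supplied path resolves outside the base directory.
var ErrTraversal = errors.New("path traversal: resolved path escapes base directory")

// vulnerableJoin is the CWE-22 pattern: the user-controlled segment is glued onto
// the restricted directory with no neutralization, so "../" walks out of base.
func vulnerableJoin(base, userPath string) string {
	return base + "/" + userPath
}

// safeJoin resolves userPath beneath base and refuses anything that escapes it.
// 1. reject NUL bytes (they truncate the path in C-based filesystem calls);
// 2. fold backslashes to "/" so a Windows-style "..\" is treated as traversal;
// 3. filepath.Join calls Clean, which lexically resolves "." and "..";
// 4. filepath.Rel proves containment; a string-prefix test would wrongly
//    accept "/srv/www-old/x" as being inside "/srv/www".
// This is a lexical check only: if base may contain symlinks, run
// filepath.EvalSymlinks on the result before opening it, and make sure URL
// decoding has already finished (double-encoded "%252e%252e" must not reach here raw).
func safeJoin(base, userPath string) (string, error) {
	if strings.ContainsRune(userPath, 0) {
		return "", ErrTraversal
	}
	p := strings.ReplaceAll(userPath, `\`, "/")
	full := filepath.Join(base, p)
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", ErrTraversal
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return full, nil
}

func main() {
	base := "/srv/www"
	// Constructed sample inputs: one legitimate request and three traversal attempts.
	inputs := []string{
		"img/logo.png",
		"../../etc/passwd",
		`..\..\etc\passwd`,
		"img/../../../etc/shadow",
	}
	for _, in := range inputs {
		fmt.Printf("naive: %-28s -> %s\n", in, vulnerableJoin(base, in))
		if out, err := safeJoin(base, in); err != nil {
			fmt.Printf("safe:  %-28s -> rejected (%v)\n", in, err)
		} else {
			fmt.Printf("safe:  %-28s -> %s\n", in, out)
		}
	}
}
```

The check is deliberately a reject, not a rewrite: silently stripping `..` (as `Clean("/" + path)` would) hides probing from logs and leaves the attacker free to keep trying variants.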

9,221 vulnerabilities with CWE-22
CVE             Severity  CVSS  Affected product and issue
CVE-2022-21221  MEDIUM    5.9   fasthttp < 1.34.0 - Directory Traversal via Backslash Character in ServeFile Path
CVE-2022-1000   CRITICAL  9.8   tiny_file_manager < 2.4.7 - Path Traversal
CVE-2022-25249  HIGH      7.5   PTC Axeda Agent < 6.9.1 and Axeda Desktop Server < 6.9.215 - Unauthenticated Path Traversal
CVE-2022-0959   MEDIUM    6.5   pgAdmin 4 < 6.7 - Authenticated Path Traversal via File Upload
CVE-2022-27208  MEDIUM    6.5   Jenkins Kubernetes Continuous Deploy Plugin <= 2.3.1 - Arbitrary File Read via Credentials/Create Permission
CVE-2022-27203  MEDIUM    6.5   Jenkins Extended Choice Parameter Plugin < 346.vd87693c5a_86c - Path Traversal and Arbitrary File Read
CVE-2022-22771  HIGH      8.8   TIBCO JasperReports Library and Server 7.9.0-7.9.1 - Path Traversal
CVE-2022-26276  MEDIUM    5.3   onenav 0.9.14 - Path Traversal via index.php
CVE-2022-25216  HIGH      7.5   DVDFab 12 Player 6.2.10-6.2.10 and PlayerFab 7.0.0.0-7.0.0.4 - Unauthenticated Path Traversal via Download Endpoint
CVE-2022-21808  HIGH      8.8   Yokogawa CENTUM CS 3000 R3.08.10-R3.09.00, CENTUM VP R4.01.00-R4.03.00, Exaopc R3.72.00-R3.79.00 - Path Traversal
CVE-2022-21177  HIGH      8.1   Yokogawa CENTUM CS 3000 R3.08.10-R3.09.00 and CENTUM VP R4.01.00-R4.03.00 - Path Traversal in CAMS for HIS Log Server
CVE-2022-26652  MEDIUM    6.5   NATS nats-server < 2.7.4 - Path Traversal
CVE-2022-21132  MEDIUM    6.5   pfSense-pkg-WireGuard 0.1.5-0.1.5_4 and 0.1.6-0.1.6_1 - Authenticated Path Traversal
CVE-2022-24716  HIGH      7.5   Icinga Web 2 < 2.9.5 - Info Disclosure
CVE-2022-24715  HIGH      8.5   Icinga Web 2 < 2.8.6-2.10 - Authenticated RCE
CVE-2022-26484  MEDIUM    4.9   Veritas InfoScale Operations Manager < 7.4.2.600 and 8.x < 8.0.0.100 - Path Traversal
CVE-2022-25634  HIGH      7.5   Qt < 5.15.8 - Path Traversal via System Library File Loading
CVE-2022-24718  HIGH      7.6   Finastra ssr-pages < 0.1.4 - Path Traversal via SVG Property in build Function
CVE-2022-25412  HIGH      8.1   Maxsite CMS v180 - Arbitrary File Deletion via dir and deletefile Parameters
CVE-2022-26315  MEDIUM    5.3   qrcp < 0.8.4 - Path Traversal via File Name in Receive Mode
CVE-2022-23135  MEDIUM    6.5   ZTE ZXHN F677 and F477 Firmware < 9.0.0p1n29 - Path Traversal via FTP Access Path
CVE-2022-22349  MEDIUM    4.3   IBM Sterling External Authentication Server < 6.0.3.0 - Path Traversal
CVE-2022-23612  HIGH      7.5   OpenMRS 1.6-2.1.5 - Arbitrary File Exfiltration via /images and /initfilter/scripts Endpoints
CVE-2022-0665   MEDIUM    6.5   pimcore < 10.3.2 - Path Traversal
CVE-2022-25358  MEDIUM    5.3   awful-salmonella-tar < 0.0.4 - Path Traversal via Directory Listing