Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,221 vulnerabilities with CWE-22

CVE-2022-0673 MEDIUM

LemMinX < 0.19.0 - Path Traversal via External Schema File Cache Poisoning

CVE-2022-25298 HIGH

webcc < 0.3.0 - Path Traversal

CVE-2022-22914 HIGH

Ovidentia CMS 6.0 - Authenticated Path Traversal in FileManager

CVE-2022-24983 HIGH

jqueryform/jqueryform < 2022-02-05 - Path Traversal via Unique ID Field

CVE-2022-25188 MEDIUM

Jenkins Fortify Plugin < 20.2.34 - Path Traversal and Arbitrary File Write via Pipeline Step Parameters

CVE-2022-25178 MEDIUM

Jenkins Pipeline < 552.vd9cc05b8a2e1 - Path Traversal via libraryResource Step

CVE-2022-24977 CRITICAL

ImpressCMS < 1.4.2 - Unauthenticated Remote Code Execution via Directory Traversal in CKEditor Image Upload

CVE-2022-24647 HIGH

CuppaCMS v1.0 - Arbitrary File Deletion via unlink() Function

CVE-2022-24312 CRITICAL

Schneider-electric Interactive Graphical Scada System Data Server < 15.0.0.22020 - Path Traversal

CVE-2022-24311 CRITICAL

Schneider-electric Interactive Graphical Scada System Data Server < 15.0.0.22020 - Path Traversal

CVE-2022-23620 MEDIUM

XWiki < 13.6 - Path Traversal via SSX Document Reference Export

CVE-2022-21999 HIGH KEV

Windows Print Spooler - Privilege Escalation

CVE-2022-21193 HIGH

TransmitMail 2.5.0-2.6.1 - Unauthenticated Path Traversal

CVE-2022-22931 MEDIUM

Apache James < 3.6.2 - Path Traversal in Maildir Mailbox Store and Sieve File Repository

CVE-2022-22679 MEDIUM

Synology DiskStation Manager 6.2-6.2.4-25556-3 - Authenticated Path Traversal and Arbitrary File Write

CVE-2022-23609 HIGH

itunesrpc-remastered 3.1.0 - Arbitrary File Deletion via Unsanitized User Input

CVE-2022-24348 HIGH

Argo CD <2.1.9 & <2.2.4 - Path Traversal

CVE-2022-23357 CRITICAL

mozilocms 2.0 - Path Traversal via curent_dir Parameter

CVE-2022-0401 CRITICAL

w-zip < 1.0.12 - Path Traversal

CVE-2022-0320 CRITICAL

Essential Addons for Elementor <5.0.5 - Local File Inclusion

CVE-2022-23602 HIGH

nim-lang/nimforum < 2.2.0 - Path Traversal via Include Directive

CVE-2022-23409 MEDIUM

ethercreative/logs < 3.0.4 - Path Traversal via actionStream in Controller.php

CVE-2022-22790 MEDIUM

SYNEL eharmony - Path Traversal via Name Parameter

CVE-2022-22932 MEDIUM

Apache Karaf < 4.2.15 and 4.3.0-4.3.6 - Path Traversal via obr Commands and karaf-maven-plugin

CVE-2022-23119 HIGH

Trend Micro Deep Security Agent < 20.0.0-3445 - Path Traversal

Previous Page 187 of 369 Next

Details

Vulnerabilities 9,221

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy