Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,221 vulnerabilities with CWE-22

CVE-2022-21371 HIGH

Oracle WebLogic Server 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 - Unauthenticated Path Traversal via HTTP

CVE-2022-21693 MEDIUM

OnionShare < 2.5 - Path Traversal in User Home Directory

CVE-2022-22054 MEDIUM

ASUS RT-AX56U Firmware - Unauthenticated Path Traversal via URL Parameter

CVE-2022-21682 HIGH

Flatpak < 1.12.3 and < 1.10.6 - Path Traversal via --mirror-screenshots-url

CVE-2022-23113 MEDIUM

Jenkins Publish Over SSH Plugin <= 1.22 - Path Traversal via File Name Validation

CVE-2022-23107 HIGH

Jenkins Warnings Next Generation Plugin <= 9.10.2 - Path Traversal via Custom ID Configuration

CVE-2022-21675 CRITICAL

Bytecode Viewer 2.10.16-2.11.0 - Arbitrary File Write via Archive Extraction

CVE-2022-22836 MEDIUM

CoreFTP Server < 727 - Authenticated Path Traversal via HTTP PUT Request

CVE-2022-22821 LOW

NVIDIA NeMo < 1.6.0 - Authenticated Path Traversal in ASR WebApp

CVE-2021-47979 HIGH

WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion

CVE-2021-47977 HIGH

WordPress Anti-Malware Security Bruteforce Firewall 4.20.59 Directory Traversal

CVE-2021-47942 HIGH

Home Assistant Community Store 1.10.0 Path Traversal Account Takeover

CVE-2021-47921 MEDIUM

Free Photo & Video Vault <0.0.2 - Path Traversal

CVE-2021-47850 HIGH

Mini Mouse 9.2.0 - Path Traversal via HTTP Request

CVE-2021-47849 MEDIUM

Mini Mouse 9.3.0 - Path Traversal via Device Information Endpoint

CVE-2021-47795 MEDIUM

GeoVision GeoWebServer 5.3.3 - Path Traversal and Remote Code Execution via WebStrings.srf Endpoint

CVE-2021-47755 HIGH

Oliver Library Server < 8.00.008.053 - Unauthenticated Path Traversal via FileServlet fileName Parameter

CVE-2021-47751 HIGH

Rich Text Editor < 6.6 - Path Traversal and Arbitrary File Write via ServerMapPath Function

CVE-2021-47749 MEDIUM

YouPHPTube <= 7.8 - Unauthenticated Path Traversal via Lang Parameter

CVE-2021-47724 MEDIUM

STVS ProVision 5.9.10 - Authenticated Path Traversal via Archive Download Files Parameter

CVE-2021-4463 HIGH

Longjing Technology BEMS API <=1.21 - Info Disclosure

CVE-2021-26102 CRITICAL

FortiWAN 4.4.0-4.5.7 - Unauthenticated Path Traversal via Crafted POST Request

CVE-2021-1465 MEDIUM

Cisco Catalyst SD-WAN Manager - Authenticated Path Traversal and Arbitrary File Write via HTTP Request

CVE-2021-27916 HIGH

Mautic 3.3.0-4.4.11 - Authenticated Path Traversal and Arbitrary File Deletion via GrapesJS Builder

CVE-2021-31156 HIGH

Allied Telesis AT-S115 <1.00.024 - Path Traversal

Previous Page 188 of 369 Next

Details

Vulnerabilities 9,221

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy