Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,221 vulnerabilities with CWE-22

CVE-2021-46902 HIGH

Meinberg LANTIME-Firmware <6.24.029 - Path Traversal

CVE-2021-22281 MEDIUM

B&R Industrial Automation Studio 4.0-4.12 - Path Traversal

CVE-2021-24566 HIGH

WooCommerce Currency Switcher FOX < 1.3.7 - Local File Inclusion via woocs Shortcode

CVE-2021-42797 HIGH

AVEVA Edge < 2020 - Unauthenticated Path Traversal

CVE-2021-35975 MEDIUM

Systematica SMTP Adapter <2.0.1.101 - Path Traversal

CVE-2021-22151 LOW

Kibana 7.9.0-7.13.4 - Path Traversal via .pbf File Loading

CVE-2021-26736 MEDIUM

Zscaler Client Connector < 3.6 - Local Privilege Escalation via Path Traversal

CVE-2021-46897 MEDIUM

Wagtail CRX CodeRed Extensions <0.22.3 - Path Traversal

CVE-2021-28485 MEDIUM

Ericsson MSC Server BC 18A Firmware IS 3.1 - Authenticated Path Traversal via SIS Web App

CVE-2021-35980 HIGH

Acrobat Reader DC <2021.005.20054 - Path Traversal

CVE-2021-28644 HIGH

Adobe Acrobat and Reader DC < 21.005.20058 and < 17.011.30199 - Path Traversal and Code Execution

CVE-2021-26504 HIGH

dgtl huemagic 3.0.0 - Path Traversal via res.sendFile API

CVE-2021-27825 HIGH

Mercury MAC1200R Firmware - Unauthenticated Path Traversal via web-static/ URL

CVE-2021-33353 CRITICAL

Wyomind Help Desk Magento 2 <1.3.7 - Path Traversal

CVE-2021-36471 CRITICAL

AdminLTE 3.1.0 - Path Traversal via Index2 and Index3 URIs

CVE-2021-37317 CRITICAL

ASUS RT-AC68U Firmware < 3.0.0.4.386.41634 - Path Traversal and Arbitrary File Write via Cloud Disk COPY/MOVE Operations

CVE-2021-36425 MEDIUM

phpwcms < 1.9.26 - Path Traversal and Arbitrary File Deletion via FTP Takeover Unlink Method

CVE-2021-41143 HIGH

OpenMage LTS <19.4.22-20.0.19 - RCE

CVE-2021-37500 HIGH

Reprise License Manager < 16.0 - Path Traversal and Arbitrary File Write via Diagnostics Function

CVE-2021-39369 MEDIUM

Philips Vue MyVue PACS through 12.2.x.x - Authenticated Path Traversal via VideoStream Function

CVE-2021-46856 HIGH

Multi-Screen Collaboration Module - Path Traversal

CVE-2021-45448 HIGH

Hitachi Vantara Pentaho 8.3.0.0-8.3.0.25 - Path Traversal via Analyzer Plugin Template Endpoint

CVE-2021-40661 HIGH

IND780 Advanced Weighing Terminals <8.0.07,7.2.10 - Path Traversal

CVE-2021-38399 HIGH

Honeywell Experion PKS - Path Traversal

CVE-2021-22685 MEDIUM

Cassia Networks Access Controller <2.0.1 - Info Disclosure

Previous Page 189 of 369 Next

Details

Vulnerabilities 9,221

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy