Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,222 vulnerabilities with CWE-22

CVE-2021-29134 MEDIUM

Gitea < 1.13.6 - Path Traversal via Avatar Middleware

CVE-2021-45010 HIGH

Tiny File Manager < 2.4.7 - Authenticated Path Traversal and Remote Code Execution via File Upload

CVE-2021-24692 MEDIUM

Simple Download Monitor <3.9.5 - Path Traversal

CVE-2021-45887 CRITICAL

PONTON X/P Messenger - Path Traversal and Remote Code Execution via ZIP Upload in SchemaSetUpload

CVE-2021-42857 MEDIUM

Riverbed SteelCentral AppInternals Dynamic Sampling Agent 11.0.0-11.8.7 - Path Traversal via AgentDaServlet API

CVE-2021-42854 CRITICAL

SteelCentral AppInternals Dynamic Sampling Agent 11.0.0-11.8.7 - Path Traversal via PluginServlet API

CVE-2021-42853 CRITICAL

SteelCentral AppInternals Dynamic Sampling Agent 11.0.0-11.8.7 - Path Traversal via AgentDiagnosticServlet Logs API

CVE-2021-42787 CRITICAL

SteelCentral AppInternals Dynamic Sampling Agent 11.0.0-11.8.7 - Path Traversal and Arbitrary File Write

CVE-2021-32008 CRITICAL

Secomea GateManager <9.6.621421014 - Path Traversal

CVE-2021-46381 HIGH

D-Link DAP-1620 Firmware - Path Traversal and Unauthorized File Read

CVE-2021-3762 CRITICAL

Clair 0.4.6-0.4.7 - Path Traversal and Arbitrary File Write

CVE-2021-41002 HIGH

ArubaOS-CX 10.06.0001-10.06.0170 - Authenticated Path Traversal via CLI

CVE-2021-43070 MEDIUM

FortiWLM <8.6.2-8.3.3 - Path Traversal

CVE-2021-42767 CRITICAL

Neo4J Graph Database < 4.4.0.1 - Path Traversal and Arbitrary File Write via APOC Plugins

CVE-2021-24820 MEDIUM

Cost Calculator WP <1.5-1.6 - Path Traversal

CVE-2021-24689 MEDIUM

Contact Forms <1.0.5 - Path Traversal

CVE-2021-44665 MEDIUM

Xerte < 3.10.3 - Path Traversal via Project File Download

CVE-2021-44664 HIGH

Xerte < 3.9 - Authenticated Remote Code Execution via Language File Upload

CVE-2021-45746 HIGH

WeBankPartners wecube-platform <3.2.1 - Path Traversal

CVE-2021-27755 MEDIUM

HCL Sametime < 11.6.5 - Path Traversal via File Class

CVE-2021-27753 MEDIUM

HCL Sametime < 11.6.5 - Path Traversal

CVE-2021-25082 HIGH

Popup Builder WordPress <4.0.7 - Code Injection

CVE-2021-40841 MEDIUM

LiveConfig < 2.12.2 - Authenticated Path Traversal via Log File

CVE-2021-26619 HIGH

bigfileagent < 1.0.1.7 - Path Traversal and Arbitrary File Deletion

CVE-2021-35380 HIGH

Solari di Udine TTServer 3.24.0.2 - Path Traversal

Previous Page 192 of 369 Next

Details

Vulnerabilities 9,222

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy