Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,222 vulnerabilities with CWE-22

CVE-2021-40003 MEDIUM

HarmonyOS < 2.0 - Path Traversal in HwPCAssistant

CVE-2021-40001 MEDIUM

HarmonyOS < 2.0 - Path Traversal in CaasKit Module

CVE-2021-44351 HIGH

NavigateCMS 2.9 - Arbitrary File Read via navigate_download.php id Parameter

CVE-2021-45452 MEDIUM

Django 2.2-2.2.25, 3.2-3.2.10, 4.0-4.0.0 - Path Traversal via Storage.save

CVE-2021-39143 MEDIUM

Spinnaker < 1.24.7 - Path Traversal via TAR File Extraction in AppEngine Deployments

CVE-2021-40525 CRITICAL

Apache James <3.6.1 - Path Traversal

CVE-2021-39970 HIGH

HarmonyOS < 2.0 - Path Traversal in HwPCAssistant

CVE-2021-37128 CRITICAL

HarmonyOS < 2.0 - Path Traversal and Arbitrary File Write

CVE-2021-37126 HIGH

HarmonyOS < 2.0 - Path Traversal and Information Exposure

CVE-2021-44674 MEDIUM

Opmantek Open-AudIT 4.2.0 - Authenticated Path Traversal

CVE-2021-25021 MEDIUM

OMGF | Host Google Fonts Locally WP <4.5.12 - Path Traversal

CVE-2021-25020 MEDIUM

CAOS | Host Google Analytics Locally <4.1.9 - Path Traversal

CVE-2021-20134 HIGH

D-Link DIR-2640-US Firmware <= 1.11B02 - Authenticated Path Traversal and Remote Code Execution via Quagga Log File

CVE-2021-20133 MEDIUM

D-Link DIR-2640-US Firmware <= 1.11B02 - Authenticated Path Traversal and Information Disclosure via Quagga Services

CVE-2021-45427 CRITICAL

Emerson XWEB 300D EVO 3.0.7--3ee403 - Unauthenticated Path Traversal and Arbitrary File Deletion

CVE-2021-45712 HIGH

rust-embed < 6.3.0 - Path Traversal in Debug Mode

CVE-2021-20876 MEDIUM

GroupSession <5.1.1 - Info Disclosure

CVE-2021-44548 CRITICAL

Apache Solr < 8.11.1 - Path Traversal via DataImportHandler Windows UNC Path

CVE-2021-21909 HIGH

Garrett IC Module Firmware - Arbitrary File Deletion via Crafted Command Line Arguments

CVE-2021-21908 MEDIUM

Garrett IC Module Firmware - Authenticated Arbitrary File Deletion via Unsanitized File Parameter

CVE-2021-21907 MEDIUM

Garrett iC Module CMA 5.0 - Path Traversal via CMA CLI getenv Command

CVE-2021-21904 HIGH

Garrett iC Module CMA 5.0 - Path Traversal via CMA CLI setenv Command

CVE-2021-21896 MEDIUM

Lantronix PremierWave 2050 8.9.0.0R4 Path Traversal & File Deletion via Web Manager

CVE-2021-21895 HIGH

Lantronix PremierWave 2050 8.9.0.0R4 Path Traversal & Arbitrary File Write via Web Manager

CVE-2021-21894 CRITICAL

Lantronix PremierWave 2050 8.9.0.0R4 Path Traversal & Arbitrary File Write via Web Manager

Previous Page 194 of 369 Next

Details

Vulnerabilities 9,222

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy