CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit likelihood: High

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,223 vulnerabilities with CWE-22
CVE-2021-21692 (CRITICAL, CVSS 9.8): Jenkins < 2.303.3 and < 2.319 - Path Traversal via FilePath#renameTo and FilePath#moveAllChildrenTo
CVE-2021-21690 (CRITICAL, CVSS 9.8): Jenkins < 2.303.3 and < 2.319 - Path Traversal via Agent File Path Wrapping
CVE-2021-34701 (MEDIUM, CVSS 4.3): Cisco Unified Communications Manager < 14su1 - Authenticated Path Traversal via Web Management Interface
CVE-2021-34594 (MEDIUM, CVSS 6.5): Beckhoff TF6100 and TS6100 Firmware < 4.3.48.0 - Path Traversal and Arbitrary File Manipulation
CVE-2021-33800 (HIGH, CVSS 7.5): Druid 1.2.3 - Path Traversal
CVE-2021-43264 (LOW, CVSS 3.3): Mahara < 20.04.5, 20.10.3, 21.04.2, 21.10.0 - Path Traversal
CVE-2021-29212 (CRITICAL, CVSS 9.8): HPE iLO Amplifier Pack 1.80, 1.81, 1.90, 1.95 - Unauthenticated Path Traversal and Remote Code Execution
CVE-2021-3823 (HIGH, CVSS 7.1): Bitdefender GravityZone < 3.3.8.249 - Path Traversal
CVE-2021-22404 (MEDIUM, CVSS 5.3): Huawei EMUI and Magic UI - Path Traversal
CVE-2021-34762 (HIGH, CVSS 8.1): Cisco Firepower Management Center - Authenticated Path Traversal and Arbitrary File Write via HTTPS Request
CVE-2021-37130 (HIGH, CVSS 7.5): Huawei FusionCube 6.0.2 - Path Traversal via Crafted Filename
CVE-2021-37124 (MEDIUM, CVSS 6.5): Huawei PC Smart Full Scene and PCManager - Path Traversal via Special Character Bypass
CVE-2021-41185 (HIGH, CVSS 8.8): Mycodo < 8.12.7 - Path Traversal via File Download Endpoint
CVE-2021-41178 (HIGH, CVSS 8.8): Nextcloud < 20.0.13, 21.0.5, 22.2.0 - Path Traversal
CVE-2021-34860 (MEDIUM, CVSS 6.5): D-Link DAP-2020 Firmware < 1.01 - Unauthenticated Path Traversal via getpage Parameter
CVE-2021-40371 (CRITICAL, CVSS 9.8): Gridpro Request Management < 2.0.7912 - Path Traversal
CVE-2021-42556 (MEDIUM, CVSS 5.5): Rasa X < 0.42.4 - Path Traversal and Arbitrary File Write via Model Archive Extraction
CVE-2021-42542 (HIGH, CVSS 8.0): Emerson Wireless 1410/1410D/1420 Gateway Firmware < 4.7.94 - Path Traversal via Backup Folder Structure
CVE-2021-35230 (MEDIUM, CVSS 6.7): Kiwi CatTools - Privilege Escalation
CVE-2021-41127 (HIGH, CVSS 7.3): rasa < 2.8.10 - Path Traversal and Arbitrary File Write via Malicious Model Tarball
CVE-2021-42771 (HIGH, CVSS 7.8): Babel < 2.9.1 - Remote Code Execution via Locale .dat File Path Traversal
CVE-2021-41150 (HIGH, CVSS 8.2): Tough < 0.12.0 - Path Traversal via Delegated Role Name Sanitization
CVE-2021-31385 (HIGH, CVSS 8.8): Juniper Junos OS - Authenticated Path Traversal Privilege Escalation to Root via J-Web
CVE-2021-41149 (HIGH, CVSS 8.2): Tough < 0.12.0 - Path Traversal and Arbitrary File Write via Target Name Sanitization Bypass
CVE-2021-41131 (HIGH, CVSS 7.5): The Update Framework < 0.18.1 and TUF < 0.19.0 - Path Traversal via Role Name