Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,225 vulnerabilities with CWE-22

CVE-2021-41149 HIGH

Tough < 0.12.0 - Path Traversal and Arbitrary File Write via Target Name Sanitization Bypass

CVE-2021-41131 HIGH

The Update Framework < 0.18.1 and TUF < 0.19.0 - Path Traversal via Role Name

CVE-2021-42261 HIGH

Revisor Video Management System < 2.0.0 - Path Traversal

CVE-2021-41152 HIGH

OpenOlat < 15.5.8 - Path Traversal via Folder Component File Download

CVE-2021-41151 MEDIUM

Backstage 0.9.4-0.15.8 - Path Traversal via Scaffolder Template Source Path

CVE-2021-40724 HIGH

Acrobat Reader for Android <21.8.0 - Path Traversal

CVE-2021-40988 HIGH

Aruba ClearPass Policy Manager 6.8.0-6.8.8 - Path Traversal

CVE-2021-3874 MEDIUM

BookStack < 21.08.5 - Path Traversal

CVE-2021-38346 HIGH

Brizy Page Builder <=2.3.11 - Path Traversal

CVE-2021-33178 MEDIUM

NagVis < 1.9.29 - Authenticated Path Traversal and Arbitrary File Deletion via Manage Backgrounds

CVE-2021-20125 CRITICAL

Draytek VigorConnect 1.6.0-B3 - Unauthenticated Arbitrary File Upload and Path Traversal via DownloadFileServlet

CVE-2021-20124 HIGH KEV

Draytek VigorConnect 1.6.0-B3 - Unauthenticated Path Traversal and Arbitrary File Read via WebServlet Endpoint

CVE-2021-20123 HIGH KEV

Draytek VigorConnect 1.6.0-B3 - Unauthenticated Path Traversal via DownloadFileServlet Endpoint

CVE-2021-20796 MEDIUM

Cybozu Remote Service <3.1.8 - Path Traversal

CVE-2021-37734 MEDIUM

Aruba Instant Path Traversal in <6.4.4.8-4.2.4.19, <6.5.4.19, <8.5.0.12, <8.6.0.11, <=8.7.1.3, <8.8.0.0

CVE-2021-38460 HIGH

Moxa MXview <3.2.2 - Path Traversal

CVE-2021-38454 CRITICAL

Moxa MXview <3.2.2 - Path Traversal

CVE-2021-38452 HIGH

Moxa MXview <3.2.2 - Path Traversal

CVE-2021-33726 HIGH

SINEC NMS <V1.0 SP2 Update 1 - Path Traversal

CVE-2021-33725 CRITICAL

SINEC NMS <V1.0 SP2 Update 1 - Path Traversal

CVE-2021-33724 CRITICAL

SINEC NMS <V1.0 SP2 Update 1 - Privilege Escalation

CVE-2021-33722 MEDIUM

SINEC NMS <V1.0 SP2 Update 1 - Path Traversal

CVE-2021-29006 MEDIUM

rconfig 3.9.6 - Authenticated Path Traversal

CVE-2021-40887 CRITICAL

Projectsend r1295 - Path Traversal via files[] Parameter

CVE-2021-40886 MEDIUM

Projectsend r1295 - Path Traversal via Chunks Parameter Bypass

Previous Page 199 of 369 Next

Details

Vulnerabilities 9,225

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy