Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,116 vulnerabilities with CWE-22

CVE-2026-31939 HIGH

Path Traversal (Arbitrary File Delete) in Chamilo LMS

CVE-2026-40157 CRITICAL

PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack`

CVE-2026-40086 MEDIUM

Rembg <2.0.75 Custom Model Loading - Path Traversal

CVE-2026-35668 HIGH

OpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Parameters

CVE-2026-6057 CRITICAL

Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution

CVE-2026-6024 HIGH

Tenda i6 HTTP R7WebsSecurityHandlerfunction path traversal

CVE-2026-5998 MEDIUM

zhayujie chatgpt-on-wechat CowAgent API Memory Content Endpoint service.py dispatch path traversal

CVE-2026-4351 HIGH

Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter

CVE-2026-40152 MEDIUM

PraisonAIAgents <1.5.128 list_files Glob Pattern - Path Traversal

CVE-2026-35206 MEDIUM

Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment

CVE-2026-39977 MEDIUM

flatpak-builder 1.4.5-1.4.7 license-files - Arbitrary File Read

CVE-2026-39981 HIGH

AGiXT <1.9.2 safe_join() - Path Traversal

CVE-2026-5962 HIGH

Tenda CH22 httpd R7WebsSecurityHandlerfunction path traversal

CVE-2026-35204 HIGH

Helm 4.0.0-4.1.3 Plugin Metadata - Arbitrary File Write

CVE-2026-5849 HIGH

Tenda i12 HTTP path traversal

CVE-2026-5841 HIGH

Tenda i3 HTTP R7WebsSecurityHandler path traversal

CVE-2026-40027 HIGH

ALEAPP NQ Vault Artifact Parser Path Traversal

CVE-2026-40024 HIGH

Sleuth Kit tsk_recover Path Traversal

CVE-2026-5436 HIGH

MW WP Form <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys

CVE-2026-39844 MEDIUM

NiceGUI <3.10.0 Windows Upload Filename - Path Traversal

CVE-2026-39859 HIGH

LiquidJS <10.25.3 renderFile() and parseFile() - Arbitrary File Read

CVE-2026-33466 HIGH

Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write

CVE-2026-39408 HIGH

Hono <4.12.12 toSSG() - Path Traversal

CVE-2026-39407 MEDIUM

Hono <4.12.12 serveStatic - Middleware Bypass

CVE-2026-39406 MEDIUM

@hono/node-server <1.19.13 serveStatic - Middleware Bypass

Previous Page 20 of 365 Next

Details

Vulnerabilities 9,116

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy