Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,225 vulnerabilities with CWE-22

CVE-2021-42013 CRITICAL KEV

Apache HTTP Server 2.4.49-2.4.50 - Path Traversal and Remote Code Execution via Alias-like Directives

CVE-2021-37922 MEDIUM

ManageEngine ADManager Plus <= 7110 - Path Traversal

CVE-2021-40978 HIGH

mkdocs 1.2.2 - Path Traversal via Dev-Server Port 8000

CVE-2021-21683 MEDIUM

Jenkins < 2.303.1, < 2.314 - Path Traversal via Windows File Browser

CVE-2021-34711 MEDIUM

Cisco IP Phone Firmware < 14.1(1) - Authenticated Arbitrary File Read via Debug Shell Command

CVE-2021-25485 HIGH

FactoryAirCommnadManger <SMR Oct-2021 Release 1 - Path Traversal

CVE-2021-41773 CRITICAL KEV

Apache 2.4.49/2.4.50 Traversal RCE

CVE-2021-41579 HIGH

LCDS LAquis SCADA <= 4.3.1.1085 - Path Traversal and Arbitrary File Write via Malicious ELS Project File

CVE-2021-41578 HIGH

mySCADA myDESIGNER <= 8.20.0 - Path Traversal and Arbitrary File Write via Project File Import

CVE-2021-41596 MEDIUM

SuiteCRM < 7.10.33 and 7.11.22 - Path Traversal and Information Disclosure via RefreshMapping Import

CVE-2021-41595 MEDIUM

SuiteCRM < 7.10.33 and 7.11.22 - Directory Traversal via Import Step3 file_name Parameter

CVE-2021-41103 HIGH

containerd < 1.4.11 - Unauthenticated Path Traversal and Privilege Escalation via Insufficient Directory Permissions

CVE-2021-21706 MEDIUM

PHP 7.3.0-7.3.30 - Path Traversal and Arbitrary File Write via ZipArchive::extractTo

CVE-2021-40960 CRITICAL

Galera WebTemplate 1.0 - Path Traversal

CVE-2021-3710 MEDIUM

apport - Information Disclosure via Path Traversal in read_file()

CVE-2021-3709 MEDIUM

apport Path Traversal in check_attachment_for_errors()

CVE-2021-41324 MEDIUM

Pydio Cells 2.2.9 - Authenticated Directory Traversal via Copy/Move/Delete Features

CVE-2021-41323 MEDIUM

Pydio Cells 2.2.9 - Authenticated Path Traversal via Compress Feature Format Parameter

CVE-2021-41294 CRITICAL

ECOA BAS controller - Path Traversal

CVE-2021-41293 HIGH

ECOA BAS controller - Path Traversal

CVE-2021-41291 HIGH

ECOA BAS controller - Path Traversal

CVE-2021-41290 CRITICAL

ECOA BAS controller - Path Traversal

CVE-2021-40651 MEDIUM

OS4Ed OpenSIS Community 8.0 - Info Disclosure

CVE-2021-35027 HIGH

Zyxel ZyWALL VPN2S Firmware 1.12 - Path Traversal

CVE-2021-36286 HIGH

Dell SupportAssist Client Consumer <3.9.13.0 - Path Traversal

Previous Page 200 of 369 Next

Details

Vulnerabilities 9,225

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy