Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,225 vulnerabilities with CWE-22

CVE-2021-41072 HIGH

Squashfs-Tools 4.5 - Path Traversal

CVE-2021-38360 HIGH

wp-publications <= 0.0 - Local File Inclusion via Q_FILE Parameter

CVE-2021-25452 MEDIUM

DSP driver <SMR Sep-2021 Release 1 - DoS

CVE-2021-25450 MEDIUM

FactoryAirCommnadManger <SMR Sep-2021 Release 1 - Path Traversal

CVE-2021-1815 MEDIUM

iPadOS < 14.5 - Path Traversal and Arbitrary File Write via Directory Path Handling

CVE-2021-1740 MEDIUM

iPadOS < 14.5 - Path Traversal via Directory Path Handling

CVE-2021-1739 MEDIUM

iPadOS < 14.5 - Path Traversal

CVE-2021-39500 HIGH

Eyoucms 1.5.4 - Path Traversal and Arbitrary File Write via tpldir Parameter

CVE-2021-37733 MEDIUM

Aruba SD-WAN 2.2.0.0-2.2.0.3 and ArubaOS 8.3.0.0-8.3.0.15 - Path Traversal

CVE-2021-37731 MEDIUM

Aruba SD-WAN 2.2.0.0-2.2.0.3 and ArubaOS 8.3.0.0-8.3.0.14 - Path Traversal

CVE-2021-37729 MEDIUM

Aruba SD-WAN < 2.2.0.4 and ArubaOS < 6.4.4.25 - Path Traversal

CVE-2021-37728 MEDIUM

ArubaOS < 8.5.0.13, 8.6.0.11, 8.7.1.4, 8.8.0.1 - Path Traversal

CVE-2021-36717 MEDIUM

Synerion TimeNet 9.21 - Path Traversal via Name Parameter

CVE-2021-34436 CRITICAL

Eclipse Theia 0.1.1-0.2.0 - Remote Code Execution and XML External Entity Injection via theia-xml-extension

CVE-2021-22704 CRITICAL

Vijeo Designer < 6.2.11 and < 1.2 and EcoStruxure Machine Expert < 2.0 - Path Traversal via FTP Connection

CVE-2021-36031 HIGH

Magento Commerce <2.4.2-2.3.7 - Path Traversal

CVE-2021-23428 HIGH

elFinder.NetCore - Path Traversal via Path.Combine

CVE-2021-23427 HIGH

elFinder.NetCore - Path Traversal and Arbitrary File Write via ExtractAsync Function

CVE-2021-39109 HIGH

Atlassian Atlasboard < 1.1.9 - Path Traversal via renderWidgetResource

CVE-2021-39180 HIGH

OpenOLAT < 15.3.18 - Authenticated Path Traversal and Arbitrary File Write via ZIP Archive Extraction

CVE-2021-37713 HIGH

npmjs/tar < 4.4.18 - Arbitrary File Creation/Overwrite and Code Execution via Path Traversal

CVE-2021-37712 HIGH

tar < 4.4.18, 5.0.10, 6.1.9 - Arbitrary File Creation and Overwrite via Unicode Normalization Bypass

CVE-2021-37701 HIGH

npmjs/tar < 4.4.16 - Arbitrary File Creation and Overwrite via Symlink Directory Cache Bypass

CVE-2021-39316 HIGH

Zoomsounds <= 6.45 - Unauthenticated Arbitrary File Read via dzsap_download Action

CVE-2021-33555 HIGH

PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 - Path Traversal

Previous Page 202 of 369 Next

Details

Vulnerabilities 9,225

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy