Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,230 vulnerabilities with CWE-22

CVE-2021-28588 HIGH

Adobe RoboHelp Server < 2019.0.9 - Authenticated Path Traversal via HTTP POST Request

CVE-2021-28584 MEDIUM

Magento < 2.3.6 and 2.4.0-2.4.2-p1 - Authenticated Path Traversal and Arbitrary File Write via Child Theme Creation

CVE-2021-21102 HIGH

Adobe Illustrator <25.2 - Path Traversal

CVE-2021-21090 HIGH

Adobe InCopy <16.0 - Path Traversal

CVE-2021-29157 HIGH

Dovecot < 2.3.15 - Path Traversal via OAuth2 JWT Validation Key Path

CVE-2021-29087 HIGH

Synology DiskStation Manager < 6.2.3-25426-3 - Path Traversal and Arbitrary File Write via WebAPI Component

CVE-2021-31272 CRITICAL

SerenityOS < 3844e8569689dd476064a0759d704bc64fb3ca2c - Path Traversal in tar/unzip

CVE-2021-32954 MEDIUM

Advantech WebAccess/SCADA <9.0.1 - Path Traversal

CVE-2021-33576 CRITICAL

Cleo LexiCom 5.5.0.0 - Path Traversal

CVE-2021-34553 MEDIUM

Sonatype Nexus Repository Manager 3.0.0-3.30.0 - Authenticated Path Traversal via Blob File Access

CVE-2021-34129 HIGH

LaikeTui 3.5.0 - Authenticated Path Traversal and Arbitrary File Deletion via Upload Parameters

CVE-2021-32682 CRITICAL

elFinder < 2.1.59 - Remote Code Execution via Archive Command Injection

CVE-2021-22762 HIGH

IGSS Definition <15.0.0.21140 - RCE

CVE-2021-24035 CRITICAL

WhatsApp and WhatsApp Business < 2.21.8.13 - Path Traversal via Archive Extraction

CVE-2021-31538 HIGH

LANCOM R&S Unified Firewall LCOS FX 10.5 - Path Traversal

CVE-2021-34363 CRITICAL

the_fuck < 3.31 - Path Traversal and Arbitrary File Deletion via Undo Archive Operation

CVE-2021-0097 MEDIUM

Intel Server Board M10JNP2SB BMC Firmware < bmc_8100.01.08 - Unauthenticated Path Traversal and Denial of Service

CVE-2021-33203 MEDIUM

Django <2.2.24, 3.x <3.1.12, 3.2.x <3.2.4 - Path Traversal

CVE-2021-32674 HIGH

Zope < 4.6.1 and 5.0-5.2.1 - Authenticated Path Traversal via TAL Expression

CVE-2021-23391 HIGH

calipso - Path Traversal and Arbitrary File Write via Module Install Functionality

CVE-2021-33896 MEDIUM

dino < 0.1.2 and 0.2.x < 0.2.1 - Path Traversal via URI-Encoded Path Separators

CVE-2021-20517 HIGH

IBM WebSphere Application Server ND 8.5.0.0-8.5.5.19 - Authenticated Path Traversal via URL Request

CVE-2021-32662 MEDIUM

Backstage < 0.6.3 - Path Traversal via docs_dir in mkdocs.yml

CVE-2021-29091 HIGH

Synology Photo Station < 6.8.14-3500 - Authenticated Path Traversal and Arbitrary File Write

CVE-2021-33183 HIGH

Synology Docker <18.09.0-0515 - Path Traversal

Previous Page 206 of 370 Next

Details

Vulnerabilities 9,230

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy