Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,230 vulnerabilities with CWE-22

CVE-2021-33182 MEDIUM

Synology DSM <6.2.4-25553 - Path Traversal

CVE-2021-29088 HIGH

Synology DiskStation Manager < 6.2.4-25553 - Local Arbitrary Code Execution via Path Traversal in CGI Component

CVE-2021-29492 HIGH

Envoy < 1.15.5 - Path Traversal via Escaped Slash Sequences

CVE-2021-32643 MEDIUM

http4s 0.21.7-0.21.23 0.22.0-M1-0.22.0-M8 0.23.0-M1 1.0.0-M1-1.0.0-M22 - Directory Presence Leak via StaticFile.fromUrl

CVE-2021-22736 HIGH

homeLYnk Wiser For KNX <V2.60 - Path Traversal

CVE-2021-29695 MEDIUM

IBM 8335-GCA/GTB/GTA Firmware - Path Traversal and Arbitrary File Deletion via Crafted URL Request

CVE-2021-21001 CRITICAL

WAGO PFC200 Firmware - Authenticated Path Traversal

CVE-2021-33497 CRITICAL

Dutchcoders transfer.sh <1.2.4 - Path Traversal

CVE-2021-32633 MEDIUM

Plone < 4.3.20 - Path Traversal

CVE-2021-28798 HIGH

QNAP QTS 4.3.2.0144-4.3.3.1624 and QuTS hero < h4.5.2.1638 - Relative Path Traversal

CVE-2021-3426 MEDIUM

Python < 3.8.9, < 3.9.3, < 3.10.0a7 - Information Disclosure via pydoc Server

CVE-2021-27461 HIGH

Emerson Rosemount X-STREAM - Info Disclosure

CVE-2021-32572 HIGH

Speco Web Viewer < 2021-05-12 - Path Traversal via URI with /..

CVE-2021-28149 MEDIUM

Hongdian H8922 3.0.5 Devices - Local File Inclusion

CVE-2021-32062 MEDIUM

MapServer < 7.0.8, 7.1.x-7.2.x < 7.2.3, 7.3.x-7.4.x < 7.4.5, 7.5.x-7.6.x < 7.6.3 - Path Traversal via Mapfile Loading

CVE-2021-1532 MEDIUM

Cisco TelePresence <9.14.6 & RoomOS <10.3.1 Authenticated Arbitrary File Read

CVE-2021-29101 HIGH

ArcGIS GeoEvent Server <= 10.8.1 - Unauthenticated Path Traversal

CVE-2021-29100 HIGH

Esri ArcGIS Earth < 1.11.0 - Path Traversal and Arbitrary File Write via Crafted File Upload

CVE-2021-31542 HIGH

Django 2.2-2.2.20, 3.1-3.1.8, 3.2-3.2.0 - Path Traversal via Uploaded File Name

CVE-2021-29246 MEDIUM

BTCPay Server < 1.0.7.0 - Authenticated Path Traversal and Remote Code Execution via Plugin Upload

CVE-2021-31800 CRITICAL

Impacket < 0.9.22 - Path Traversal and Arbitrary File Write via SMB Server

CVE-2021-28959 CRITICAL

Zoho ManageEngine Eventlog Analyzer <= 12147 - Path Traversal & RCE via ZIP Entry

CVE-2021-1256 MEDIUM

Cisco Firepower Threat Defense < 6.4.0 - Authenticated Arbitrary File Write via CLI Directory Traversal

CVE-2021-31421 MEDIUM

Parallels Desktop 16.1.1-49141 - Arbitrary File Deletion via Toolgate Path Traversal

CVE-2021-30048 MEDIUM

novel_boutique_house-plus 3.5.1 - Path Traversal via File Download filePath Parameter

Previous Page 207 of 370 Next

Details

Vulnerabilities 9,230

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy