Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,233 vulnerabilities with CWE-22

CVE-2021-28207 MEDIUM

ASUS BMC Firmware - Authenticated Path Traversal via Get Help File Function

CVE-2021-28206 MEDIUM

ASUS BMC Firmware - Authenticated Path Traversal via Record Video File Function

CVE-2021-28205 MEDIUM

ASUS BMC Firmware - Authenticated Path Traversal via Delete SOL Video File Function

CVE-2021-3374 MEDIUM

RStudio Shiny Server < 1.5.16 - Path Traversal via Encoded Slash

CVE-2021-20078 CRITICAL

ManageEngine OpManager < 125346 - Remote Denial of Service via Spark Gateway Path Traversal

CVE-2021-27276 HIGH

NETGEAR ProSAFE Network Management System 1.6.0.26 - Path Traversal

CVE-2021-27275 HIGH

NETGEAR ProSAFE Network Management System 1.6.0.26 - Info Disclosure

CVE-2021-27272 HIGH

NETGEAR ProSAFE Network Management System 1.6.0.26 - File Deletion

CVE-2021-29417 CRITICAL

gitjacker < 0.1.0 - Remote Code Execution via Directory Traversal

CVE-2021-20206 HIGH

container_network_interface < 0.8.1 - Path Traversal via Plugin Type Field

CVE-2021-25367 LOW

Samsung Notes <4.2.00.22 - Path Traversal

CVE-2021-1436 MEDIUM

Cisco IOS XE SD-WAN - Authenticated Path Traversal via CLI

CVE-2021-1435 HIGH

Cisco IOS XE - Authenticated Remote Code Execution via Web UI Command Injection

CVE-2021-1385 MEDIUM

Cisco IOS and IOS XE - Authenticated Path Traversal via IOx API URI

CVE-2021-21402 HIGH

Jellyfin < 10.7.1 - Unauthenticated Arbitrary File Read via Path Traversal

CVE-2021-21357 HIGH

TYPO3 < 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Authenticated Path Traversal and Arbitrary File Write via Form Designer Module

CVE-2021-20218 HIGH

Redhat Kubernetes-client < 4.7.2 - Path Traversal

CVE-2021-23357 LOW

Tyk - Path Traversal and Arbitrary File Deletion via Management API APIID Parameter

CVE-2021-20669 MEDIUM

GROWI <= 4.2.2 - Authenticated Path Traversal via Specially Crafted URL

CVE-2021-20668 LOW

GROWI <= 4.2.2 - Authenticated Path Traversal via Specially Crafted URL

CVE-2021-26294 HIGH

AfterLogic Aurora and WebMail Pro < 7.7.9 - Unauthenticated Path Traversal via CalDAV Server Endpoint

CVE-2021-26814 HIGH

Wazuh 4.0.0-4.0.3 - Authenticated Remote Code Execution via /manager/files API

CVE-2021-28042 HIGH

Deutsche Post Mailoptimizer <4.3 - Path Traversal

CVE-2021-26293 CRITICAL

AfterLogic Aurora and WebMail Pro < 8.5.3 - Path Traversal and Arbitrary File Write via DAV Server

CVE-2021-26028 MEDIUM

Joomla! 3.0.0-3.9.24 - Path Traversal and Arbitrary File Write via Archive Zip Extraction

Previous Page 209 of 370 Next

Details

Vulnerabilities 9,233

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy