Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,122 vulnerabilities with CWE-22

CVE-2026-39844 MEDIUM

NiceGUI <3.10.0 Windows Upload Filename - Path Traversal

CVE-2026-39859 HIGH

LiquidJS <10.25.3 renderFile() and parseFile() - Arbitrary File Read

CVE-2026-33466 HIGH

Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write

CVE-2026-39408 HIGH

Hono <4.12.12 toSSG() - Path Traversal

CVE-2026-39407 MEDIUM

Hono <4.12.12 serveStatic - Middleware Bypass

CVE-2026-39406 MEDIUM

@hono/node-server <1.19.13 serveStatic - Middleware Bypass

CVE-2026-3243 HIGH

Advanced Members for ACF <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal

CVE-2026-39847 CRITICAL

Emmett 2.5.0-2.8.0 Internal Assets Handler - Path Traversal

CVE-2026-34371 MEDIUM

LibreChat Affected by Arbitrary File Write via `execute_code` Artifact Filename Traversal

CVE-2026-34079 HIGH

Flatpak affected by arbitrary file deletion on the host filesystem

CVE-2026-39369 HIGH

WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

CVE-2026-39365 MEDIUM

Vite Optimized Dependency Source Maps - Path Traversal

CVE-2026-39345 MEDIUM

OrangeHRM Affected by Arbitrary File Read via Path Traversal in Email Template Loader

CVE-2026-35573 CRITICAL

ChurchCRM <6.5.3 Backup Restore - Remote Code Execution

CVE-2026-24147 MEDIUM

NVIDIA Triton Inference Server < 26.02 - Path Traversal via Model Configuration Upload

CVE-2026-39308 HIGH

PraisonAI recipe registry publish path traversal allows out-of-root file write

CVE-2026-39307 HIGH

PraisonAI <1.5.113 Template Extraction - Zip Slip

CVE-2026-39306 HIGH

PraisonAI recipe registry pull path traversal writes files outside the chosen output directory

CVE-2026-39305 CRITICAL

Arbitrary File Write / Path Traversal in Action Orchestrator

CVE-2026-35615 HIGH

PraisonAI <1.5.113 FileTools - Path Traversal

CVE-2026-35613 MEDIUM

Path traversal in coursevault-preview due to improper base-directory boundary validation

CVE-2026-35605 HIGH

File Browser <2.63.1 Path Matching - Access Rule Bypass

CVE-2026-35592 MEDIUM

pyLoad <0.5.0b3.dev97 UnTar._safe_extractall - Path Traversal

CVE-2026-35583 MEDIUM

Emissary <8.39.0 Configuration API - Path Traversal

CVE-2026-35492 MEDIUM

Kedro-Datasets <9.3.0 PartitionedDataset - Path Traversal Arbitrary File Write

Previous Page 21 of 365 Next

Details

Vulnerabilities 9,122

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy