Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,233 vulnerabilities with CWE-22

CVE-2021-27065 HIGH KEV

Microsoft Exchange Server - Remote Code Execution via ProxyLogon

CVE-2021-21514 MEDIUM

Dell EMC OpenManage Server Administrator < 9.5.0 - Authenticated Path Traversal via URL Request

CVE-2021-22114 MEDIUM

Spring Integration Zip < 1.0.4 - Arbitrary File Write via Path Traversal in Archive Extraction

CVE-2021-25833 CRITICAL

ONLYOFFICE DocumentServer 4.2.0.71-5.6.0.21 - Remote Code Execution via File Extension Handling Issue

CVE-2021-25282 CRITICAL

SaltStack Salt <3002.5 - Path Traversal

CVE-2021-21298 LOW

Node-RED < 1.2.8 - Path Traversal via Projects API

CVE-2021-21064 MEDIUM

Magento UPWARD-php <1.1.4 - Path Traversal

CVE-2021-21972 CRITICAL KEV

VMware vCenter Server and Cloud Foundation - Remote Code Execution via vSphere Client Plugin

CVE-2021-20661 HIGH

SolarView Compact SV-CPT-MC310 <6.5 - Path Traversal

CVE-2021-20247 HIGH

mbsync < 1.3.5 - Path Traversal via IMAP Mailbox Name

CVE-2021-22651 HIGH

Luxion KeyShot <10.1 - Path Traversal

CVE-2021-26725 HIGH

Nozominetworks Central Management Control < 19.0.12 - Path Traversal

CVE-2021-27328 MEDIUM

Yeastar NeoGate TG400 <91.3.0.3 - Path Traversal

CVE-2021-23340 HIGH

pimcore <6.8.8 - Local File Inclusion

CVE-2021-20354 HIGH

IBM WebSphere Application Server <9.0 - Path Traversal

CVE-2021-27367 HIGH

Bolt < 4.1.13 - Path Traversal in FileEdit and Filemanager Controllers

CVE-2021-22857 HIGH

changjia_property_management_system - Path Traversal via CGE Page Download Function

CVE-2021-20072 HIGH

Racom MIDGE Firmware 4.4.40.105 - Authenticated Path Traversal and Arbitrary File Deletion

CVE-2021-20651 CRITICAL

ELECOM File Manager - Path Traversal

CVE-2021-21037 HIGH

Acrobat Reader DC <2020.013.20074 - Path Traversal

CVE-2021-22656 HIGH

Advantech iView <5.7.03.6112 - Path Traversal

CVE-2021-21475 HIGH

SAP Master Data Management 710, 710.750 - Unauthenticated Path Traversal

CVE-2021-25140 CRITICAL

HPE Moonshot Provisioning Manager v1.20 - Path Traversal

CVE-2021-26719 MEDIUM

Gradle Enterprise Test Distribution Agent < 1.3.2 - Path Traversal via TAR Archive Extraction

CVE-2021-26575 HIGH

HPE Baseboard Management Controller < 3.0.14.0 - Path Traversal in libifc.so webdeletesolvideofile Function

Previous Page 210 of 370 Next

Details

Vulnerabilities 9,233

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy