Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,125 vulnerabilities with CWE-22

CVE-2026-35487 MEDIUM

text-generation-webui <4.3 load_prompt() - Path Traversal

CVE-2026-35485 HIGH

text-generation-webui <4.3 load_grammar() - Arbitrary File Read

CVE-2026-35484 MEDIUM

text-generation-webui <4.3 load_preset() - Path Traversal

CVE-2026-35483 MEDIUM

text-generation-webui <4.3 load_template() - Path Traversal

CVE-2026-33227 MEDIUM

Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ Web: Improper Limitation of a Pathname to a Restricted Classpath Directory

CVE-2026-35471 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs

CVE-2026-35454 MEDIUM

Code Extension Marketplace VSIX Extraction - Zip Slip

CVE-2026-35393 CRITICAL

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload

CVE-2026-35392 CRITICAL

goshs <2.0.0-beta.3 PUT Upload - Path Traversal

CVE-2026-35177 MEDIUM

Vim < 9.2.0280 zip.vim - Path Traversal Arbitrary File Overwrite

CVE-2026-35174 CRITICAL

Chyrp Lite <2026.01 Uploads Path - Remote Code Execution

CVE-2026-35167 HIGH

Kedro <1.3.0 Versioned Dataset Loading - Path Traversal

CVE-2026-35050 CRITICAL

text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at "Session -> Save extention settings to user_data/settings.yaml".

CVE-2026-34783 HIGH

Ferret <2.0.0-alpha.4 IO::FS::WRITE - Arbitrary File Write

CVE-2026-5638 MEDIUM

HerikLyma CPPWebFramework path traversal

CVE-2026-5597 MEDIUM

griptape-ai griptape ComputerTool tool.py path traversal

CVE-2026-5595 MEDIUM

griptape-ai griptape FileManagerTool save_memory_artifacts_to_disk path traversal

CVE-2026-5535 MEDIUM

FedML-AI FedML MQTT Message FileUtils.java path traversal

CVE-2026-3666 HIGH

wpForo Forum <= 2.4.16 - Authenticated (Subscriber+) Arbitrary File Deletion via Post Body

CVE-2026-34607 HIGH

Emlog <=2.6.2 emUnZip() - Path Traversal File Write Code Execution

CVE-2026-34978 MEDIUM

OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)

CVE-2026-26058 MEDIUM

Zulip: Path Traversal in Import

CVE-2026-22661 HIGH

prompts.chat Path Traversal via Skill File Handling

CVE-2026-28373 CRITICAL

Stackfield Desktop App <1.10.2 - Path Traversal

CVE-2026-35214 HIGH

Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write

Previous Page 22 of 365 Next

Details

Vulnerabilities 9,125

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy