Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,256 vulnerabilities with CWE-22

CVE-2020-0539 MEDIUM

Intel CSME <11.8.77/11.12.77/11.22.77/12.0.64/13.0.32/14.0.33 & TXE <3.1.75/4.0.25 - Path Traversal

CVE-2020-0179 HIGH

Android 10 - Path Traversal in MtpServer.cpp doSendObjectInfo

CVE-2020-11798 MEDIUM

Mitel MiCollab AWV < 8.1.2.4 and 9.x < 9.1.3 - Path Traversal via Crafted URL

CVE-2020-6110 HIGH

Zoom Client <4.6.10 - Path Traversal

CVE-2020-6109 CRITICAL

Zoom client <4.6.10 - Path Traversal

CVE-2020-12851 HIGH

Pydio Cells 2.0.4 - Authenticated Path Traversal and Arbitrary File Write via ZIP Extraction

CVE-2020-13836 HIGH

Samsung Android O(8.x)-Q(10.0) - Path Traversal in HWRResProvider

CVE-2020-13818 HIGH

ManageEngine OpManager < 125144 - Path Traversal via Cache Start Bypass

CVE-2020-13795 MEDIUM

Navigate CMS < 2.8.7 - Path Traversal via Template Class

CVE-2020-13792 MEDIUM

PlayTube 1.8 - Path Traversal and Information Disclosure via ajax.php Type Parameter

CVE-2020-5410 HIGH KEV

Spring Cloud Config <2.2.3 & <2.1.9 - Path Traversal

CVE-2020-13227 MEDIUM

Sysax Multi Server 6.90 - Info Disclosure

CVE-2020-7650 MEDIUM

Snyk Broker 4.72.0-4.73.1 - Arbitrary File Read via YAML/JSON File Extension Handling

CVE-2020-7648 MEDIUM

Snyk Broker < 4.72.2 - Arbitrary File Read via Fragment Identifier

CVE-2020-7652 MEDIUM

Snyk Broker < 4.80.0 - Arbitrary File Read via Directory Traversal

CVE-2020-7651 MEDIUM

Snyk Broker < 4.79.0 - Arbitrary File Read via GitHub Commits API

CVE-2020-8604 HIGH

Trend Micro InterScan Web Security Virtual Appliance 6.5 - Path Traversal

CVE-2020-12392 MEDIUM

Firefox ESR < 68.8 - Info Disclosure

CVE-2020-1082 HIGH

Windows Error Reporting - Privilege Escalation

CVE-2020-5752 HIGH

Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation

CVE-2020-13093 MEDIUM

iSpyConnect.com Agent DVR <2.7.1.0 - Path Traversal

CVE-2020-11073 HIGH

Autoswitch Python Virtualenv <0.16.0 - RCE

CVE-2020-12832 CRITICAL

WordPress Plugin Simple File List <4.2.8 - Info Disclosure

CVE-2020-8159 CRITICAL

actionpack_page-caching < v1.2.1 - Code Injection

CVE-2020-7647 MEDIUM

Jooby < 1.6.7 and 2.0.0-2.8.2 - Path Traversal

Previous Page 228 of 371 Next

Details

Vulnerabilities 9,256

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy