Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,125 vulnerabilities with CWE-22

CVE-2026-4350 HIGH

Perfmatters <= 2.5.9.1 - Authenticated (Subscriber+) Arbitrary File Deletion via 'delete' Parameter

CVE-2026-34745 CRITICAL

Fireshare < 1.5.3 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2026-34730 MEDIUM

Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode

CVE-2026-34726 MEDIUM

Copier `_subdirectory` allows template root escape via parent-directory traversal

CVE-2026-34591 MEDIUM

Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write

CVE-2026-34524 HIGH

SillyTavern: Path traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root

CVE-2026-34523 MEDIUM

SillyTavern: Path traversal allows file existence oracle

CVE-2026-34522 HIGH

SillyTavern: Path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory

CVE-2026-5344 MEDIUM

Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal

CVE-2026-34790 HIGH

Endian Firewall /cgi-bin/backup.cgi remove ARCHIVE Directory Traversal

CVE-2026-34728 HIGH

phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController

CVE-2026-5331 MEDIUM

OpenCart Extension Installer installer.php path traversal

CVE-2026-4347 HIGH

MW WP Form <= 5.1.0 - Unauthenticated Arbitrary File Move via move_temp_file_to_upload_dir

CVE-2026-3987 HIGH

WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware Web UI

CVE-2026-34750 MEDIUM

Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

CVE-2026-34447 MEDIUM

ONNX: External Data Symlink Traversal

CVE-2026-34446 MEDIUM

ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load

CVE-2026-34604 HIGH

@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions

CVE-2026-34603 HIGH

@tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

CVE-2026-33949 HIGH

@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

CVE-2026-20174 MEDIUM

Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability

CVE-2026-28265 MEDIUM

Dell PowerStore < 4.4.0.0-2692403 - Path Traversal in Service User

CVE-2026-27101 MEDIUM

Dell Secure Connect Gateway 5.28.00.00-5.32.00.00 - Path Traversal

CVE-2026-5258 HIGH

Sanster IOPaint File Manager file_manager.py _get_file path traversal

CVE-2026-34451 MEDIUM

Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories

Previous Page 23 of 365 Next

Details

Vulnerabilities 9,125

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy