Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,125 vulnerabilities with CWE-22

CVE-2026-30290 HIGH

InTouch Contacts & Caller ID APP 6.38.1 - File Overwrite

CVE-2026-30285 CRITICAL

Zora: Post, Trade, Earn Crypto 2.60.0 - Arbitrary File Overwrite

CVE-2026-30286 CRITICAL

Zefiro Cloud 32.0.2026011614 - File Overwrite

CVE-2026-30283 CRITICAL

PEAKSEL D.O.O. NIS Animal Sounds and Ringtones 1.3.0 - Arbitrary File Overwrite

CVE-2026-30282 CRITICAL

Cast to TV Screen Mirroring 2.2.77 - File Overwrite

CVE-2026-30279 HIGH

My Location Travel Timeline 11.80 - File Overwrite

CVE-2026-30278 CRITICAL

FLY is FUN Aviation Navigation 35.33 - Arbitrary File Overwrite

CVE-2026-30277 HIGH

PDF Reader App TA/UTAX Mobile Print 3.7.2.251001 - Arbitrary File Overwrite

CVE-2026-5203 MEDIUM

CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal

CVE-2026-33581 MEDIUM

OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters

CVE-2026-29870 HIGH

agentic-context-engine <=0.7.1 - Path Traversal

CVE-2026-34070 HIGH

LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functions

CVE-2026-32727 HIGH

SciTokens: Authorization Bypass via Path Traversal in Scope Validation

CVE-2026-30940 HIGH

baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE

CVE-2026-27018 HIGH

Gotenberg: Chromium deny-list bypass via case-insensitive URL scheme

CVE-2026-33027 MEDIUM

Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory

CVE-2026-5014 MEDIUM

elecV2 elecV2P Wildcard log path.join path traversal

CVE-2026-5013 MEDIUM

elecV2 elecV2P :key path.join path traversal

CVE-2026-4999 MEDIUM

z-9527 admin isImg Check upload.js uploadFile path traversal

CVE-2026-4997 MEDIUM

Sinaptik AI PandasAI sql_sanitizer.py is_sql_query_safe path traversal

CVE-2026-33989 HIGH

@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools

CVE-2026-5027 HIGH

Langflow - Path Traversal Arbitrary File Write via upload_user_file

CVE-2026-33748 HIGH

BuildKit Git URL subdir component can cause access to restricted files

CVE-2026-29871 HIGH

awesome-llm-apps e46690f - Path Traversal

CVE-2026-4619 CRITICAL

Aterm WX3600HP < 1.5.3 - Path Traversal and Arbitrary File Write

Previous Page 24 of 365 Next

Details

Vulnerabilities 9,125

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy