Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,125 vulnerabilities with CWE-22

CVE-2026-0394 MEDIUM

OX Dovecot Pro - Path Traversal via Per-Domain Passwd File Configuration

CVE-2026-33747 HIGH

BuildKit vulnerable to malicious frontend causing file escape outside of storage root

CVE-2026-33945 CRITICAL

Abitrary file write through systemd-creds option

CVE-2026-28786 MEDIUM

Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

CVE-2026-33686 HIGH

Sharp is Vulnerable to Path Traversal via Unsanitized Extension in FileUtil

CVE-2026-33670 CRITICAL

SiYuan has directory traversal within its publishing service

CVE-2026-33645 HIGH

Fireshare has Path Traversal Arbitrary File Write in `/api/uploadChunked`

CVE-2026-0964 MEDIUM

Libssh: improper sanitation of paths received from scp servers

CVE-2026-33529 LOW

Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

CVE-2026-33528 MEDIUM

GoDoxy <0.27.5 File API - Path Traversal Arbitrary File Read and Write

CVE-2026-3112 MEDIUM

Arbitrary File Read via Advanced Logging Support Packet

CVE-2026-32846 HIGH

OpenClaw Media Parsing Path Traversal to Arbitrary File Read

CVE-2026-33183 CRITICAL

Saloon <4.0.0 Fixture Names - Path Traversal

CVE-2026-4758 HIGH

WP Job Portal <= 2.4.9 - Authenticated (Subscriber+) Arbitrary File Deletion via Resume Custom File Field

CVE-2026-30976 HIGH

Sonarr Path Traversal vulnerability

CVE-2026-32567 MEDIUM

WordPress YML for Yandex Market plugin < 5.3.0 - Arbitrary File Deletion vulnerability

CVE-2026-32522 HIGH

WordPress WooCommerce Support Ticket System plugin < 18.5 - Arbitrary File Deletion vulnerability

CVE-2026-32496 MEDIUM

WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulnerability

CVE-2026-31913 HIGH

WordPress Scape theme < 1.5.16 - Arbitrary File Deletion vulnerability

CVE-2026-27040 HIGH

WordPress WZone plugin <= 14.0.31 - Arbitrary File Deletion vulnerability

CVE-2026-25328 MEDIUM

WordPress Product File Upload for WooCommerce plugin <= 2.2.4 - Arbitrary File Deletion vulnerability

CVE-2026-24970 HIGH

WordPress Energox theme <= 1.2 - Arbitrary File Deletion vulnerability

CVE-2026-24969 HIGH

WordPress Instant VA theme <= 1.0.1 - Arbitrary File Deletion vulnerability

CVE-2026-22448 HIGH

WordPress PitchPrint plugin <= 11.1.2 - Arbitrary File Deletion vulnerability

CVE-2026-28827 CRITICAL

macOS < 14.8.5, < 15.7.5, < 26.4 - Sandbox Escape via Path Traversal

Previous Page 25 of 365 Next

Details

Vulnerabilities 9,125

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy