Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,125 vulnerabilities with CWE-22

CVE-2026-28816 MEDIUM

macOS < 14.8.5, < 15.7.5, < 26.4 - Unauthorized File Deletion via Path Handling Issue

CVE-2026-20688 CRITICAL

iOS and iPadOS < 26.4 - Path Traversal via Improper Path Handling

CVE-2026-33344 HIGH

Dagu 2.0.0-2.3.0 locateDAG - Path Traversal

CVE-2026-33329 HIGH

FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle

CVE-2026-33497 HIGH

Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

CVE-2026-33309 CRITICAL

Langflow 1.2.0-1.8.1 v2 File Upload - Arbitrary File Write

CVE-2026-4741 HIGH

Path Traversal Vulnerability in TeamJCD/JoyConDroid

CVE-2026-22739 HIGH

Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks

CVE-2026-33242 HIGH

Salvo 0.39.0-0.89.2 - Path Traversal

CVE-2026-33211 CRITICAL

Tekton Pipelines 1.0.0-1.10.2 - Path Traversal

CVE-2026-33195 CRITICAL

Active Storage <8.1.2.1, <8.0.4.1, <7.2.3.1 - Path Traversal

CVE-2026-33046 HIGH

Indico < 3.3.12 - Remote Code Execution via LaTeX Sanitizer Bypass

CVE-2026-23485 MEDIUM

Blinko: Unauthorized Path Traversal File Enumeration - music-metadata

CVE-2026-23484 MEDIUM

blinko <= 1.8.3 - Authenticated Path Traversal and Arbitrary File Write via fileName Parameter

CVE-2026-23483 MEDIUM

Blinko: Unauthorized Arbitrary File Read - /plugins

CVE-2026-23482 HIGH

Blinko: Unauthorized Arbitrary File Read - /api/file/temp

CVE-2026-23481 MEDIUM

Blinko <1.8.4 - Authenticated Arbitrary File Write

CVE-2026-33681 HIGH

AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name

CVE-2026-33513 HIGH

AVideo <=26.0 API locale - Unauthenticated Local File Inclusion

CVE-2026-33493 HIGH

AVideo <=26.0 import.json.php fileURI - Path Traversal

CVE-2026-33293 HIGH

AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter

CVE-2026-33292 HIGH

AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos

CVE-2026-4542 MEDIUM

SSCMS layerImage Endpoint LayerImageController.Submit.cs path traversal

CVE-2026-32055 HIGH

OpenClaw < 2026.2.26 - Workspace Path Boundary Bypass via Non-existent Symlink

CVE-2026-3474 MEDIUM

EmailKit <= 1.6.3 - Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter

Previous Page 26 of 365 Next

Details

Vulnerabilities 9,125

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy