Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,125 vulnerabilities with CWE-22

CVE-2026-32026 MEDIUM

OpenClaw < 2026.2.24 - Arbitrary File Read via Improper Temporary Path Validation in Sandbox

CVE-2026-32020 LOW

OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler

CVE-2026-32007 MEDIUM

OpenClaw < 2026.2.23 - Sandbox Bypass in apply_patch Tool via Workspace-Only Check Bypass

CVE-2026-32749 HIGH

SiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file write

CVE-2026-32747 MEDIUM

SiYuan: Incomplete sensitive path blocklist in globalCopyFiles allows reading /proc and Docker secrets

CVE-2026-25928 MEDIUM

OpenEMR Vulnerable to Path Traversal When Zipping DICOM Folders

CVE-2026-30403 HIGH

wgcloud <=3.6.3 - Arbitrary File Read

CVE-2026-22557 CRITICAL

UniFi Network Application 9.0.118-10.1.89, 10.2.97 - Path Traversal

CVE-2026-32805 HIGH

Romeo is vulnerable to Archive Slip due to missing checks in sanitization

CVE-2026-32731 CRITICAL

ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

CVE-2026-3479 NONE

pkgutil.get_data() does not enforce documented restrictions

CVE-2026-27523 MEDIUM

OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Paths

CVE-2026-27522 MEDIUM

OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Actions

CVE-2026-22171 HIGH

OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming

CVE-2026-32981 HIGH

Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure

CVE-2026-25770 CRITICAL

Wazuh has Privilege Escalation to Root via Cluster Protocol File Write

CVE-2026-4307 MEDIUM

frdel/agent0ai agent-zero files.py get_abs_path path traversal

CVE-2026-4285 LOW

taoofagi easegen-admin Pdf2MdUtil.java recognizeMarkdown path traversal

CVE-2026-21991 MEDIUM

Oracle Linux 8 - Arbitrary File Creation

CVE-2026-29522 HIGH

ZwickRoell Test Data Management < 3.0.8 Path Traversal LFI

CVE-2026-32262 MEDIUM

Craft CMS < 4.17.5 and 5.9.11 - AssetsController Path Traversal File Deletion

CVE-2026-4233 MEDIUM

ThingsGateway download path traversal

CVE-2026-4222 LOW

SSCMS download PathUtils.RemoveParentPath path traversal

CVE-2026-3839 HIGH

Unraid < 7.2.3 - Unauthenticated Path Traversal Authentication Bypass via auth-request.php

CVE-2026-3838 HIGH

Unraid - Authenticated Remote Code Execution via Update Request Path Traversal

Previous Page 28 of 365 Next

Details

Vulnerabilities 9,125

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy