Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,125 vulnerabilities with CWE-22

CVE-2026-32719 MEDIUM

AnythingLLM <=1.11.1 Plugin Import - Zip Slip Code Execution

CVE-2026-32709 MEDIUM

PX4 Autopilot <1.17.0-rc2 - Path Traversal

CVE-2026-2493 HIGH

IceWarp collaboration Directory Traversal Information Disclosure Vulnerability

CVE-2026-21005 MEDIUM

Samsung Mobile Smart Switch < 3.7.69.15 - Path Traversal and Arbitrary File Write

CVE-2026-21001 MEDIUM

Samsung Galaxy Store < 4.6.03.8 - Path Traversal

CVE-2026-21000 MEDIUM

Samsung Galaxy Store <4.6.03.8 - Privilege Escalation

CVE-2026-4092 HIGH

Google Clasp < 3.2.0 - Remote Code Execution via Directory Traversal in Filename

CVE-2026-31886 CRITICAL

dagu < 2.2.4 - Path Traversal and Denial of Service via dagRunId Parameter

CVE-2026-30915 MEDIUM

SFTPGo 2.3.0-2.7.0 - Path Traversal via Dynamic Group Path Placeholder

CVE-2026-30914 HIGH

SFTPGo < 2.7.1 - Authenticated Path Traversal via Virtual Filesystem Routing

CVE-2026-30853 MEDIUM

calibre < 9.5.0 - Path Traversal and Arbitrary File Write via RocketBook Input Plugin

CVE-2026-23942 MEDIUM

Erlang OTP ssh_sftpd - Path Traversal

CVE-2026-22199 HIGH

wpDiscuz <7.6.47 - Vote Manipulation

CVE-2026-32274 HIGH

Black < 26.3.1 - Path Traversal via --python-cell-magics Option

CVE-2026-32232 CRITICAL

ZeptoClaw <0.7.6 - Privilege Escalation

CVE-2026-32140 HIGH

Dataease < 2.10.20 - Remote Code Execution via JDBC IniFile

CVE-2026-32116 HIGH

Magic Wormhole 0.21.0-0.22.9 - Path Traversal

CVE-2026-28793 HIGH

TinaCMS CLI <2.1.8 - Path Traversal

CVE-2026-28792 CRITICAL

ssw/tinacms/cli < 2.1.8 - Unauthenticated Path Traversal and Arbitrary File Write via CORS Misconfiguration

CVE-2026-28791 HIGH

ssw/tinacms/cli < 2.1.7 - Path Traversal and Arbitrary File Write via Media Upload Handler

CVE-2026-24125 MEDIUM

ssw/tinacms/graphql < 2.1.2 - Path Traversal via Relative File Path Manipulation

CVE-2026-4044 LOW

ProjectSend up to r1945 - Path Traversal

CVE-2026-3954 MEDIUM

OpenBMB XAgent 1.0.0 - Path Traversal

CVE-2026-30234 MEDIUM

OpenProject <17.2.0 - Path Traversal

CVE-2026-27897 CRITICAL

Vociferous < 4.4.2 - Unauthenticated Path Traversal and Arbitrary File Write via Export File Route

Previous Page 29 of 365 Next

Details

Vulnerabilities 9,125

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy