Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,125 vulnerabilities with CWE-22

CVE-2026-3013 HIGH

Coppermine Photo Gallery 1.6.09-1.6.27 - Path Traversal

CVE-2026-32061 MEDIUM

OpenClaw <2026.2.17 - Path Traversal

CVE-2026-32060 HIGH

OpenClaw <2026.2.14 - Path Traversal

CVE-2026-21360 MEDIUM

Adobe Commerce <=2.4.9-alpha3 - Path Traversal

CVE-2026-31817 HIGH

OliveTin <3000.11.2 - Path Traversal

CVE-2026-28807 HIGH

wisp 2.1.1-2.2.1 - Unauthenticated Arbitrary File Read via Percent-Encoded Path Traversal

CVE-2026-30952 HIGH

liquidjs < 10.25.0 - Path Traversal via Layout, Render, and Include Tags

CVE-2026-27825 CRITICAL

MCP Atlassian <0.17.0 - Path Traversal

CVE-2026-30973 MEDIUM

@appium/support < 7.0.6 - Path Traversal via Malicious ZIP Entry Extraction

CVE-2026-30958 HIGH

OneUptime <10.0.21 - Path Traversal

CVE-2026-30942 MEDIUM

Flare < 1.7.3 - Authenticated Path Traversal via Avatar Filename Parameter

CVE-2026-2741 MEDIUM

Vaadin 14.2.0-14.14.0/23.0.0-23.6.6/24.0.0-24.9.8/25.0.0-25.0.2 - P...

CVE-2026-23907 MEDIUM

Apache PDFBox 2.0.24-2.0.35, 3.0.0-3.0.6 - Path Traversal

CVE-2026-3585 HIGH

The Events Calendar <6.15.17 - Path Traversal

CVE-2026-30869 CRITICAL

SiYuan < 3.5.10 - Path Traversal and Arbitrary File Read via Double-Encoded Sequences

CVE-2026-31802 MEDIUM

tar < 7.5.11 - Path Traversal via Drive-Relative Symlink Target

CVE-2026-1776 MEDIUM

Camaleon CMS 2.4.5.0-2.9.0 - Path Traversal

CVE-2026-30240 CRITICAL

Budibase < 3.31.5 - Authenticated Path Traversal via PWA ZIP Processing Endpoint

CVE-2026-3089 MEDIUM

Actual Sync Server <26.3.0 - Path Traversal

CVE-2026-3795 MEDIUM

doramart DoraCMS 3.0.x - Path Traversal via createFileBypath Function

CVE-2026-3719 MEDIUM

Tsinghua Unigroup Electronic Archives 3.2.210802 - Path Traversal

CVE-2026-3695 MEDIUM

Modern Image Gallery App 1.0 - Path Traversal

CVE-2026-30848 LOW

Parse Server <8.6.8/9.5.0-alpha.8 - Path Traversal

CVE-2026-29786 MEDIUM

tar < 7.5.10 - Path Traversal via Drive-Relative Hardlink

CVE-2026-29780 MEDIUM

eml-parser < 2.0.1 - Path Traversal and Arbitrary File Write via Unsanitized Attachment Filename

Previous Page 30 of 365 Next

Details

Vulnerabilities 9,125

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy