Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,126 vulnerabilities with CWE-22

CVE-2026-28078 MEDIUM

Stylemix uListing <=2.2.0 - Path Traversal

CVE-2026-22460 HIGH

wpWax FormGent <=1.4.2 - Path Traversal

CVE-2026-28427 HIGH

OpenDeck < 2.8.1 - Path Traversal via Plugin Static File Request

CVE-2026-0847 HIGH

nltk <= 3.9.2 - Path Traversal in CorpusReader Classes

CVE-2026-27442 HIGH

SEPPmail Secure Email Gateway <15.0.1 - Path Traversal

CVE-2026-28769 MEDIUM

IDC SFX Series SuperFlex 101 - Path Traversal

CVE-2026-24848 CRITICAL

OpenEMR <=7.0.4 - Authenticated RCE

CVE-2026-2606 MEDIUM

IBM webMethods API Gateway 10.11-11.1 - Path Traversal

CVE-2026-28518 HIGH

OpenViking <=0.2.1 - Path Traversal

CVE-2026-2448 HIGH

Page Builder by SiteOrigin <=2.33.5 - LFI

CVE-2026-0655 HIGH

TP-Link Deco BE25 v1.0 - Path Traversal

CVE-2026-3405 LOW

thinkgem JeeSite <5.15.1 - Path Traversal

CVE-2026-28414 HIGH

Gradio < 6.7.0 - Unauthenticated Absolute Path Traversal via Root-Relative Path Handling

CVE-2026-28406 HIGH

kaniko 1.25.4-1.25.10 - Path Traversal

CVE-2026-27734 MEDIUM

Beszel < 0.18.2 - Authenticated Path Traversal via Container Query Parameter

CVE-2026-24488 MEDIUM

OpenEMR <=8.0.0 - Arbitrary File Exfiltration

CVE-2026-2749 CRITICAL

Centreon Open Tickets <25.10.3 - Path Traversal

CVE-2026-3223 HIGH

Google Web Designer - Privilege Escalation

CVE-2026-21659 CRITICAL

Frick Controls Quantum HD <=10.22 - RCE

CVE-2026-2251 CRITICAL

Xerox FreeFlow Core <=8.0.7 - Path Traversal

CVE-2026-3289 MEDIUM

Sanluan PublicCMS 6.202506.d - Path Traversal

CVE-2026-22877 LOW

Copeland XWEB 300D/500D/500B Pro Firmware < 1.12.1 - Unauthenticated Arbitrary File Read

CVE-2026-28208 MEDIUM

junrar < 7.5.8 - Path Traversal and Remote Code Execution via Crafted RAR Archive Extraction

CVE-2026-23939 HIGH

hexpm - Path Traversal in Elixir.Hexpm.Store.Local Module

CVE-2026-26228 MEDIUM

VLC for Android <3.7.0 - Path Traversal

Previous Page 32 of 366 Next

Details

Vulnerabilities 9,126

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy