Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,126 vulnerabilities with CWE-22

CVE-2026-1311 HIGH

Worry Proof Backup Plugin <0.2.4 - Path Traversal

CVE-2026-27969 HIGH

Vitess <23.0.3/22.0.4 - Path Traversal

CVE-2026-1557 HIGH

WP Responsive Images <=1.0 - Path Traversal

CVE-2026-27884 MEDIUM

NetExec < 1.5.1 - Path Traversal and Arbitrary File Write via SMB Share Filename

CVE-2026-27800 HIGH

zed < 0.224.4 - Path Traversal via Extension Archive Extraction

CVE-2026-27735 MEDIUM

mcp-server-git <2026.1.14 - Path Traversal

CVE-2026-27819 HIGH

Vikunja < 2.0.0 - Path Traversal and Denial of Service via Malicious ZIP Archive

CVE-2026-26985 HIGH

LORIS 24.0.0-27.0.1 - Path Traversal

CVE-2026-26984 HIGH

LORIS <28.0.0 - Path Traversal to RCE

CVE-2026-3188 MEDIUM

feiyuchuixue sz-boot-parent <=1.3.2-beta - Path Traversal

CVE-2026-27704 HIGH

Dart SDK <3.11.0 & Flutter SDK <3.41.0 - Path Traversal

CVE-2026-27699 CRITICAL

basic-ftp < 5.2.0 - Path Traversal via Malicious FTP Server Directory Listing

CVE-2026-0704 CRITICAL

Octopus Server 2023.1.4189-2025.3.14715 - Path Traversal and Arbitrary File Deletion via API Endpoint

CVE-2026-3179 HIGH

ASUSTOR Data Master 4.1.0-4.3.3.ROF1 & 5.0.0-5.1.2.RE51 - Path Traversal & Arbitrary File Write via FTP Backup

CVE-2026-25785 CRITICAL

Lanscope Endpoint Manager <9.4.7.3 - Path Traversal

CVE-2026-27641 CRITICAL

Flask-Reuploaded <1.5.0 - Path Traversal

CVE-2026-27606 CRITICAL

Rollup <2.80.0/3.30.0/4.59.0 - Path Traversal

CVE-2026-24849 CRITICAL

OpenEMR < 7.0.4 - Authenticated Path Traversal via EtherFaxActions.php disposeDocument()

CVE-2026-27598 MEDIUM

dagu <= 1.16.7 - Authenticated Path Traversal and Remote Code Execution via CreateNewDAG API

CVE-2026-27117 MEDIUM

bit7z < 4.0.11 - Path Traversal and Arbitrary File Write via Archive Extraction

CVE-2026-25891 HIGH

Fiber 3.0.0 - Path Traversal via Static Middleware Sanitizer Bypass

CVE-2026-25603 MEDIUM

Linksys MR9600/MX4200 - Path Traversal

CVE-2026-27483 HIGH

MindsDB < 25.9.1.1 - Authenticated Path Traversal and Remote Command Execution via /api/files Upload

CVE-2026-3067 MEDIUM

HummerRisk < 1.5.0 - Path Traversal in Archive Extraction

CVE-2026-25965 HIGH

ImageMagick <7.1.2-15/6.9.13-40 - Path Traversal

Previous Page 33 of 366 Next

Details

Vulnerabilities 9,126

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy