Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,126 vulnerabilities with CWE-22

CVE-2026-3051 MEDIUM

DataLinkDC dinky <1.2.5 - Path Traversal

CVE-2026-23521 MEDIUM

Traccar <= 6.11.1 - Authenticated Path Traversal and Arbitrary File Write via Device uniqueId

CVE-2026-2953 MEDIUM

Dromara UJCMS 101.2 - Path Traversal

CVE-2026-2864 MEDIUM

feng_ha_ha/megagao ssm-erp - Path Traversal

CVE-2026-2863 MEDIUM

feng_ha_ha/megagao ssm-erp - Path Traversal

CVE-2026-27202 HIGH

GetSimple CMS - Arbitrary File Read

CVE-2026-2033 HIGH

MLflow Tracking Server - Path Traversal RCE

CVE-2026-27115 HIGH

ADB Explorer <=0.9.26020 - Arbitrary File Deletion

CVE-2026-24953 MEDIUM

Simple File List <=6.1.15 - Path Traversal

CVE-2026-26960 HIGH

tar < 7.5.8 - Arbitrary File Read and Write via Hardlink Extraction

CVE-2026-26065 HIGH

calibre < 9.3.0 - Path Traversal and Arbitrary File Write via PDB Reader

CVE-2026-26064 HIGH

calibre < 9.3.0 - Path Traversal and Remote Code Execution via extract_pictures Function

CVE-2026-26975 HIGH

Music Assistant Server < 2.7.0 - Unauthenticated Remote Code Execution via Playlist Update API

CVE-2026-26972 MEDIUM

OpenClaw 2026.1.12-2026.2.12 - Path Traversal

CVE-2026-26329 MEDIUM

OpenClaw <2026.2.14 - Path Traversal

CVE-2026-26321 HIGH

OpenClaw <2026.2.14 - Path Traversal

CVE-2026-26202 HIGH

Penpot < 2.13.2 - Authenticated Arbitrary File Read via Font Variant RPC Endpoint

CVE-2026-25766 MEDIUM

Echo 5.0.0-5.0.2 - Unauthenticated Path Traversal via Backslash Handling in Static Middleware

CVE-2026-25527 MEDIUM

changedetection.io <0.53.2 - Path Traversal

CVE-2026-2731 CRITICAL

DynamicWeb 8-9 <9.19.7/9.20.3 - Path Traversal

CVE-2026-2692 MEDIUM

CoCoTeaNet CyreneAdmin <1.3.0 - Path Traversal

CVE-2026-2683 MEDIUM

Tsinghua Unigroup EA 3.2.210802 - Path Traversal

CVE-2026-2672 MEDIUM

Tsinghua Unigroup EA 3.2.210802 - Path Traversal

CVE-2026-23491 HIGH

InvoicePlane <=1.6.3 - Path Traversal

CVE-2026-22860 HIGH

Rack <2.2.22/3.1.20/3.2.5 - Path Traversal

Previous Page 34 of 366 Next

Details

Vulnerabilities 9,126

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy