Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,126 vulnerabilities with CWE-22

CVE-2026-25951 HIGH

FUXA < 1.2.11 - Authenticated Path Traversal and Remote Code Execution via Nested Traversal Sequences

CVE-2026-25895 CRITICAL

FUXA < 1.2.10 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2026-22905 HIGH

WAGO 0852-1322 and 0852-1328 < 2.64 - Unauthenticated Path Traversal via URI Validation Bypass

CVE-2026-2216 MEDIUM

WeRSS we-mp-rss <1.4.8 - Path Traversal

CVE-2026-2111 MEDIUM

JeecgBoot < 3.9.0 - Path Traversal via /airag/knowledge/doc/edit filePath Parameter

CVE-2026-25760 MEDIUM

Sliver < 1.6.11 - Authenticated Path Traversal and Arbitrary File Read

CVE-2026-25732 HIGH

NiceGUI < 3.7.0 - Path Traversal via FileUpload.name Property

CVE-2026-25636 HIGH

calibre < 9.2.0 - Path Traversal and Arbitrary File Write via EPUB Conversion

CVE-2026-25635 HIGH

calibre < 9.2.0 - Path Traversal and Remote Code Execution via CHM Reader

CVE-2026-25592 CRITICAL

Microsoft.SemanticKernel.Core < 1.71.0 - Arbitrary File Write via SessionsPythonPlugin

CVE-2026-25640 HIGH

Pydantic AI 1.34.0-1.51.0 - Cross-Site Scripting via Unvalidated CDN URL Parameter

CVE-2026-24135 HIGH

Gogs < 0.13.4 - Authenticated Path Traversal via Wiki Update old_title Parameter

CVE-2026-23633 MEDIUM

Gogs < 0.13.4 - Path Traversal and Arbitrary File Write via Git Hook Editing

CVE-2026-1523 HIGH

PRIMION DIGITEK, S.L.U - Path Traversal

CVE-2026-1246 MEDIUM

ShortPixel Image Optimizer <6.4.2 - Path Traversal

CVE-2026-25575 HIGH

NavigaTUM < 2026-02-03 - Unauthenticated Path Traversal and Arbitrary File Write via Propose Edits Endpoint

CVE-2026-25539 CRITICAL

SiYuan < 3.5.5 - Authenticated Path Traversal and Remote Code Execution via File Copy Endpoint

CVE-2026-25499 HIGH

bpg terraform-provider-proxmox < 0.93.1 - Path Traversal via SSH Sudoer Configuration

CVE-2026-25475 MEDIUM

OpenClaw < 2026.1.30 - Unauthenticated Arbitrary File Read via MEDIA Path Traversal

CVE-2026-25161 HIGH

Alist < 3.57.0 - Authenticated Path Traversal via Filename Component Injection

CVE-2026-25145 MEDIUM

melange 0.14.0-0.40.2 - Path Traversal via License File Path

CVE-2026-24843 HIGH

melange 0.11.3-0.40.3 - Path Traversal via Tar Entry Extraction

CVE-2026-25121 HIGH

apko 0.14.8-1.1.0 - Path Traversal via dirFS Filesystem Abstraction

CVE-2026-25055 HIGH

n8n < 1.123.12 and 2.0.0-2.4.0 - Unauthenticated Path Traversal and Remote Code Execution via SSH Node File Transfer

CVE-2026-20986 MEDIUM

Samsung Members <15.5.05.4 - Path Traversal

Previous Page 36 of 366 Next

Details

Vulnerabilities 9,126

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy