Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,127 vulnerabilities with CWE-22

CVE-2026-24770 CRITICAL

RAGFlow < 0.23.1 - Path Traversal and Remote Code Execution via Malicious ZIP Archive

CVE-2026-24741 HIGH

ConvertX < 0.17.0 - Path Traversal and Arbitrary File Deletion via Delete Endpoint

CVE-2026-23593 HIGH

HPE Aruba Networking Fabric Composer - Info Disclosure

CVE-2026-24801 MEDIUM

Ralim IronOS <2.23-rc3 ecc_dsa.C - Path Traversal

CVE-2026-24686 MEDIUM

go-tuf 2.0.0-2.4.1 - Path Traversal via Repository Name in TAP 4 Multirepo Client

CVE-2026-24486 HIGH

Python-Multipart <0.0.22 - Path Traversal

CVE-2026-24479 CRITICAL

hustoj < 26.01.24 - Path Traversal and Remote Code Execution via ZIP Archive Extraction

CVE-2026-24478 HIGH

AnythingLLM <1.10.0 - Path Traversal

CVE-2026-24123 HIGH

BentoML < 1.4.34 - Path Traversal via bentofile.yaml Configuration Fields

CVE-2026-24131 MEDIUM

pnpm < 10.28.2 - Arbitrary File Permission Modification via directories.bin Path Traversal

CVE-2026-24056 MEDIUM

pnpm < 10.28.2 - Unauthenticated Arbitrary File Read via Symlink in Local/Git Dependencies

CVE-2026-23889 MEDIUM

pnpm < 10.28.1 - Path Traversal via Backslash Directory Separator on Windows

CVE-2026-23888 MEDIUM

pnpm < 10.28.1 - Path Traversal and Arbitrary File Write via Binary Fetcher

CVE-2026-24469 HIGH

C++ HTTP Server <1.0 - Path Traversal

CVE-2026-24137 MEDIUM

sigstore framework <1.10.3 - Buffer Overflow

CVE-2026-20613 HIGH

apple/container < 0.8.0 and apple/containerization < 0.21.0 - Path Traversal via ArchiveReader.extractContents()

CVE-2026-21227 HIGH

Azure Logic Apps - Unauthenticated Path Traversal

CVE-2026-23954 HIGH

Incus <= 6.21.0 - Arbitrary File Read and Write via Template Path Traversal

CVE-2026-24049 HIGH

wheel 0.40.0-0.46.1 - Arbitrary File Permission Modification via Malicious Wheel Archive

CVE-2026-24046 HIGH

Backstage Scaffolder - Symlink-Based Path Traversal and Arbitrary File Read/Write via Template Actions

CVE-2026-23949 HIGH

jaraco.context <6.1.0 - Path Traversal

CVE-2026-22218 MEDIUM

chainlit < 2.9.4 - Authenticated Arbitrary File Read via Project Element Update

CVE-2026-23851 MEDIUM

SiYuan < 3.5.4 - Authenticated Path Traversal via Global Copy Files Endpoint

CVE-2026-23850 HIGH

SiYuan < 3.5.4 - Arbitrary File Read via Markdown HTML Rendering

CVE-2026-23644 HIGH

esm.sh <0.0.0-20260116051925-c62ab83c589e - Path Traversal

Previous Page 38 of 366 Next

Details

Vulnerabilities 9,127

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy