Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,127 vulnerabilities with CWE-22

CVE-2026-1111 MEDIUM

PublicCMS < 5.202506.d - Path Traversal via Task Template Management Handler

CVE-2026-23745 MEDIUM

tar < 7.5.3 - Arbitrary File Overwrite and Symlink Poisoning via Hardlink and SymbolicLink Entries

CVE-2026-23535 HIGH

wlc < 1.17.2 - Path Traversal via Multi-Translation Download

CVE-2026-22876 MEDIUM

TOA Corporation TRIFORA 3 - Path Traversal

CVE-2026-22249 HIGH

docmost 0.21.0-0.23.9 - Arbitrary File Write via Zip Import Feature

CVE-2026-22871 CRITICAL

GuardDog < 2.7.1 - Path Traversal and Arbitrary File Overwrite via safe_extract()

CVE-2026-22786 HIGH

gin-vue-admin <= 2.8.7 - Path Traversal and Arbitrary File Write via Breakpoint Resume Upload

CVE-2026-22685 HIGH

DevToys 2.0.0.0-2.0.8.9 - Path Traversal and Arbitrary File Write via Extension Package Extraction

CVE-2026-21857 MEDIUM

REDAXO < 5.20.2 - Authenticated Path Traversal via Backup Addon EXPDIR Parameter

CVE-2026-21851 MEDIUM

MONAI <= 1.5.1 - Path Traversal via _download_from_ngc_private() Zip Slip

CVE-2026-0669 HIGH

MediaWiki - CSS <1.44-1.39 - Path Traversal

CVE-2026-0604 MEDIUM

FastDup - Fastest WordPress Migration & Duplicator <= 2.7 - Authenticated Path Traversal via dir_path Parameter

CVE-2026-0571 MEDIUM

yeqifu warehouse < 2025-10-06 - Path Traversal via createResponseEntity

CVE-2026-21440 CRITICAL

AdonisJS bodyparser <10.1.2, 11.0.0-next.0-6 - Path Traversal & Arbitrary File Write

CVE-2025-69128 HIGH

WordPress JobCareer theme <= 7.3 - Arbitrary File Deletion vulnerability

CVE-2025-69139 HIGH

WordPress Car Zone theme <= 3.7 - Arbitrary File Deletion vulnerability

CVE-2025-69131 HIGH

WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Download vulnerability

CVE-2025-60223 HIGH

WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability

CVE-2025-24268 MEDIUM

Apple macOS < 15.4 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-62851 MEDIUM

Qnap Systems Inc. License Center < 1.9.56 - Path Traversal

CVE-2025-45145 HIGH

Follett Destiny Library Manager 22_0_2_rc1 - Unauthenticated Directory Traversal via Image Parameter

CVE-2025-71211 CRITICAL

Trend Micro, Inc. TrendAI Apex One - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-71210 CRITICAL

Trend Micro, Inc. TrendAI Apex One - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-70950 HIGH

gohttp - Path Traversal via Crafted Request

CVE-2025-65418 HIGH

docuFORM Managed Print Service Client 11.11c - Path Traversal

Previous Page 39 of 366 Next

Details

Vulnerabilities 9,127

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy