Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,130 vulnerabilities with CWE-22

CVE-2025-66292 HIGH

DPanel < 1.9.2 - Authenticated Arbitrary File Deletion via Path Traversal

CVE-2025-67076 HIGH

agora-project < 25.10 - Unauthenticated Path Traversal via ExternalGetFile Action

CVE-2025-67083 MEDIUM

InvoicePlane <= 1.6.3 - Unauthenticated Directory Traversal

CVE-2025-9142 HIGH

Harmony SASE Windows client - Path Traversal

CVE-2025-15020 MEDIUM

Gotham Block Extra Light <1.5.0 - Info Disclosure

CVE-2025-14301 CRITICAL

Opvius AI for WooCommerce <1.3.0 - Path Traversal

CVE-2025-58693 MEDIUM

Fortinet FortiVoice <7.2.2 - Path Traversal

CVE-2025-25652 HIGH

Eptura Archibus 2024.03.01.109 - Path Traversal in Database Update Wizard

CVE-2025-9435 MEDIUM

Zohocorp ManageEngine ADManager Plus <7230 - Path Traversal

CVE-2025-68472 HIGH

MindsDB < 25.11.1 - Unauthenticated Path Traversal and Arbitrary File Read via File Upload API

CVE-2025-66689 MEDIUM

Zen MCP Server <9.8.2 - Path Traversal

CVE-2025-69267 MEDIUM

Broadcom DX NetOps Spectrum < 24.3.9 - Path Traversal

CVE-2025-61686 CRITICAL

React Router <7.9.3 - Path Traversal

CVE-2025-67004 MEDIUM

CouchCMS 2.4 - Authenticated Path Traversal and Information Disclosure

CVE-2025-66744 HIGH

Yonyou YonBIP v3 and before - Path Traversal via LoginWithV8 Interface

CVE-2025-66051 MEDIUM

Vivotek IP7137 <0200a - Path Traversal

CVE-2025-69194 HIGH

GNU Wget2 < 2.2.1 - Path Traversal via Metalink File Name Element

CVE-2025-68705 CRITICAL

RustFS <1.0.0-alpha.79 - Path Traversal

CVE-2025-14867 MEDIUM

Flashcard plugin <0.9 - Path Traversal

CVE-2025-13801 HIGH

Yoco Payments <3.8.8 - Path Traversal

CVE-2025-14997 HIGH

BuddyPress Xprofile Custom Field Types <1.2.8 - Privilege Escalation

CVE-2025-69226 MEDIUM

aiohttp < 3.13.3 - Path Traversal in Static File Path Normalization

CVE-2025-68953 HIGH

Frappe <14.99.5 & 15.0-15.80.1 - Path Traversal

CVE-2025-68428 HIGH

jsPDF < 4.0.0 - Path Traversal via loadFile Method

CVE-2025-66518 HIGH

Apache Kyuubi <1.10.2 - Auth Bypass

Previous Page 44 of 366 Next

Details

Vulnerabilities 9,130

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy