Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,130 vulnerabilities with CWE-22

CVE-2025-15449 MEDIUM

cld378632668 JavaMall <994f1e2b019378ec9444cdf3fce2d5b5f72d28f0 - P...

CVE-2025-67160 HIGH

Vatilon PA4 Firmware 1.12.37-20240124 - Path Traversal

CVE-2025-59384 HIGH

Qfiling - Path Traversal

CVE-2025-59381 MEDIUM

QNAP QTS and QuTS hero - Authenticated Path Traversal

CVE-2025-59380 MEDIUM

QNAP QTS and QuTS hero - Authenticated Path Traversal

CVE-2025-53594 MEDIUM

Qfinder Pro Mac <7.13.0 - Path Traversal

CVE-2025-15432 MEDIUM

yeqifu carRental < 2023-04-15 - Path Traversal via File Download Endpoint

CVE-2025-61557 HIGH

nixseparatedebuginfod <0.4.1 - Path Traversal

CVE-2025-15245 LOW

D-Link DCS-850L 1.02.09 - Path Traversal via Firmware Update DownloadFile Parameter

CVE-2025-67254 HIGH

Nagios XI 2026R1.0.1 - Path Traversal via coreconfigsnapshots.php

CVE-2025-14728 MEDIUM

Rapid7 Velociraptor <0.75.6 - Path Traversal

CVE-2025-15187 LOW

GreenCMS < 2.3 - Path Traversal via DataController.class.php File Handler

CVE-2025-15227 HIGH

bpmflowwebkit < 5.0.5 - Unauthenticated Arbitrary File Read via Absolute Path Traversal

CVE-2025-15225 HIGH

Sun.net WMPro 5.0-5.1 - Unauthenticated Arbitrary File Read via Relative Path Traversal

CVE-2025-15066 MEDIUM

Innorix WP - Path Traversal via Exam Directory

CVE-2025-15138 MEDIUM

prasathmani/tiny_file_manager < 2.6 - Path Traversal via fullpath Argument

CVE-2025-15076 HIGH

Tenda CH22 1.0.0.1 - Path Traversal via /public/

CVE-2025-68916 CRITICAL

Riello UPS NetMan 208 <1.12 - Path Traversal

CVE-2025-14420 HIGH

pdfforge PDF Architect - Remote Code Execution via CBZ File Parsing Path Traversal

CVE-2025-14413 HIGH

Soda PDF Desktop - Remote Code Execution via CBZ File Parsing Path Traversal

CVE-2025-13699 HIGH

MariaDB >= 11.8.3 - Remote Code Execution via Directory Traversal in mariadb-dump Utility

CVE-2025-13698 MEDIUM

OPNsense >=25.7 <25.7 - Authenticated Path Traversal and Arbitrary File Write via diag_backup.php

CVE-2025-65713 MEDIUM

Home Assistant Core <2025.8.0 - Path Traversal

CVE-2025-68476 HIGH

KEDA 2.17.0-2.17.2 and 2.18.0-2.18.2 - Arbitrary File Read via TriggerAuthentication Service Account Token Path

CVE-2025-11540 HIGH

Sharp Display Solutions Projectors - Path Traversal

Previous Page 45 of 366 Next

Details

Vulnerabilities 9,130

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy