Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,130 vulnerabilities with CWE-22

CVE-2025-58173 HIGH

FreshRSS 1.23.0-1.27.0 - Unauthenticated Path Traversal via Language Parameter

CVE-2025-60786 HIGH

iceScrum < 7.54 - Remote Code Execution via Zip Slip in Project Import

CVE-2025-34181 HIGH

NetSupport Manager <14.12.0001 - RCE

CVE-2025-14704 HIGH

sgwbox N3 < 2.0.25 - Path Traversal via /eshell API

CVE-2025-14702 MEDIUM

Smartbit CommV Smartschool App <10.4.4 - Path Traversal

CVE-2025-14699 MEDIUM

Municorn FAX App 3.27.0 - Path Traversal

CVE-2025-14698 MEDIUM

atlaszz AI Photo Team Galleryit App 1.3.8.2 - Path Traversal

CVE-2025-14617 MEDIUM

Jehovahs Witnesses JW Library App <15.5.1 - Path Traversal

CVE-2025-43465 MEDIUM

macOS Tahoe <26.1 - Info Disclosure

CVE-2025-43463 MEDIUM

macOS <14.8.3-15.7.3 - Info Disclosure

CVE-2025-67819 MEDIUM

Weaviate 1.30.0-1.30.19 and 1.30.0-1.30.20 - Path Traversal via GetFile Method

CVE-2025-67818 HIGH

Weaviate < 1.33.4 - Path Traversal and Arbitrary File Write via Backup Restore

CVE-2025-12960 MEDIUM

Simple CSV Table plugin <1.0.1 - Path Traversal

CVE-2025-13891 MEDIUM

Image Gallery - Photo Grid & Video Gallery <2.13.3 - Path Traversal

CVE-2025-14344 CRITICAL

Multi Uploader for Gravity Forms <1.1.7 - Info Disclosure

CVE-2025-13972 MEDIUM

WatchTowerHQ <3.15.0 - Info Disclosure

CVE-2025-12824 HIGH

Player Leaderboard <1.0.2 - Code Injection

CVE-2025-66429 HIGH

cPanel 110.0.0-126.0.37 - Path Traversal and Arbitrary File Write via Team Manager API

CVE-2025-14293 MEDIUM

WP Job Portal <2.4.0 - Info Disclosure

CVE-2025-67742 LOW

JetBrains TeamCity < 2025.11 - Path Traversal via File Upload

CVE-2025-14521 MEDIUM

baowzh hfly <638ff9abe9078bc977c132b37acbe1900b63491c - Path Traversal

CVE-2025-14520 MEDIUM

baowzh hfly <638ff9abe9078bc977c132b37acbe1900b63491c - Path Traversal

CVE-2025-67720 MEDIUM

Pyrofork < 2.3.69 - Path Traversal via Telegram Media Filename

CVE-2025-56431 HIGH

FearlessCMS 0.0.2-15 - Path Traversal and Denial of Service via Plugin Handler

CVE-2025-56430 HIGH

FearlessCMS 0.0.2-15 - Path Traversal and Denial of Service via Plugin Handler

Previous Page 47 of 366 Next

Details

Vulnerabilities 9,130

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy