Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,130 vulnerabilities with CWE-22

CVE-2025-65878 HIGH

Warehouse Management System 1.2 - Info Disclosure

CVE-2025-65897 HIGH

zdh_web <5.6.17 - Privilege Escalation/Remote Code Execution

CVE-2025-64057 HIGH

Fanvil x210 V2 2.12.20 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2025-54160 HIGH

Synology BeeDrive < 1.4.2-13960 - Local Arbitrary Code Execution via Path Traversal

CVE-2025-65346 CRITICAL

alexusmai/laravel-file-manager < 3.3.1 - Directory Traversal via Archive Extraction

CVE-2025-54307 HIGH

Thermo Fisher Torrent Suite 5.18.1 - Authenticated Path Traversal and Arbitrary File Write via ZIP Upload Endpoints

CVE-2025-29846 HIGH

Synology Router Manager 1.3-1.3.1-9346 - Authenticated Path Traversal via Portenable CGI

CVE-2025-29845 MEDIUM

Synology Router Manager 1.3-1.3.1-9346 - Authenticated Path Traversal via VideoPlayer2 Subtitle CGI

CVE-2025-29844 MEDIUM

Synology Router Manager - Information Disclosure via FileStation File CGI

CVE-2025-29843 MEDIUM

FileStation <thumb cgi - Info Disclosure

CVE-2025-65345 MEDIUM

alexusmai/laravel-file-manager < 3.3.1 - Directory Traversal via Zip Archive Functionality

CVE-2025-13645 HIGH

Modula Image Gallery 2.13.1-2.13.2 - Authenticated Arbitrary File Deletion via ajax_unzip_file Function

CVE-2025-13876 MEDIUM

Rareprob HD Video Player All Formats App 12.1.372 - Path Traversal

CVE-2025-13875 MEDIUM

Yohann0617 oci-helper <3.2.4 - Path Traversal

CVE-2025-13879 LOW

SOLIDserver IPAM 8.2.3 - Authenticated Directory Traversal via 'directory' Parameter

CVE-2025-66410 CRITICAL

Gin-vue-admin <2.8.6 - File Deletion

CVE-2025-66302 MEDIUM

Grav <1.8.0-beta.27 - Path Traversal

CVE-2025-66300 HIGH

Grav <1.8.0-beta.27 - Info Disclosure

CVE-2025-66295 HIGH

Grav <1.8.0-beta.27 - Path Traversal

CVE-2025-66206 MEDIUM

Frappe <15.86.0-14.99.2 - Path Traversal

CVE-2025-65838 HIGH

PublicCMS V5.202506.b - Path Traversal

CVE-2025-63365 HIGH

SoftSea EPUB File Reader <1.0.0.0 - Path Traversal

CVE-2025-13816 MEDIUM

mogublog < 5.2 - Path Traversal via ZIP File Handler

CVE-2025-13810 MEDIUM

jsnjfz WebStack-Guns 1.0 - Path Traversal in KaptchaController renderPicture Function

CVE-2025-13791 MEDIUM

Scada-LTS < 2.7.8.1 - Path Traversal in Project Import via ZIPProjectManager

Previous Page 49 of 366 Next

Details

Vulnerabilities 9,130

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy