CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,130 vulnerabilities with CWE-22
CVE-2025-12638 (HIGH, CVSS 8.0): Keras < 3.12.0 - Path Traversal and Arbitrary File Write via tarfile.extractall()
CVE-2025-59890 (HIGH, CVSS 7.3): Eaton Galileo Software < 11.1.1 - Path Traversal via File Archive Upload
CVE-2025-66262 (CRITICAL, CVSS 9.8): DB Electronica Mozart FM Transmitter - Path Traversal via Tar Extraction
CVE-2025-66251 (CRITICAL, CVSS 9.1): DB Electronica Mozart FM Transmitter - Path Traversal & File Deletion via 'deletehidden'
CVE-2025-65952 (HIGH): Console < 2.8.0 - Path Traversal and Arbitrary File Write via Backslash and Period Bypass
CVE-2025-34350 (HIGH): UnForm Server < 10.1.15 - Info Disclosure
CVE-2025-59372 (MEDIUM): ASUS Router 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102 - Authenticated Path Traversal and Arbitrary File Write
CVE-2025-59366 (CRITICAL): ASUS Router - Authentication Bypass via Samba Functionality
CVE-2025-12003 (HIGH): ASUS Router 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102 - Unauthenticated Path Traversal via WebDAV
CVE-2025-54347 (CRITICAL, CVSS 9.9): Desktop Alert PingAlert Application Server 6.1.0.11-6.1.1.2 - Path Traversal and Arbitrary File Write
CVE-2025-60915 (HIGH, CVSS 8.1): Austrian Archaeological Institute Openatlas < 8.12.0 - Path Traversal
CVE-2025-12972 (MEDIUM, CVSS 5.3): Fluent Bit - Path Traversal and Arbitrary File Write via out_file Plugin Tag Handling
CVE-2025-31248 (MEDIUM, CVSS 5.5): macOS < 13.7.3, < 14.7.3, < 15.5 - Unprotected User Data Exposure via Path Handling Issue
CVE-2025-34320 (CRITICAL): BASIS BBj < 25.00 - Unauthenticated Path Traversal and Arbitrary File Read via Jetty Web Endpoint
CVE-2025-13435 (MEDIUM, CVSS 5.6): Dreampie Resty < 1.3.1 - Path Traversal via HttpClient Module Filename Argument
CVE-2025-11001 (HIGH, CVSS 7.8): 7-Zip - Remote Code Execution via Symbolic Link Traversal in ZIP File Parsing
CVE-2025-63371 (HIGH, CVSS 7.5): OneCommander 3.102.0.0 - Path Traversal
CVE-2025-65025 (HIGH, CVSS 8.2): esm.sh < 136 - Path Traversal and Arbitrary File Write via NPM Package Tarball Extraction
CVE-2025-64765 (MEDIUM, CVSS 5.3): Astro < 5.15.8 - Path Traversal via Decoded URI Bypass
CVE-2025-64757 (LOW, CVSS 3.5): Astro < 5.14.3 - Unauthenticated Arbitrary Local File Read via Image Optimization Endpoint
CVE-2025-63408 (HIGH, CVSS 7.8): Local Agent DVR < 6.6.1.0 - Path Traversal
CVE-2025-41736 (HIGH, CVSS 8.8): metz-connect ewio2-m_firmware < 2.2.0 - Path Traversal and Remote Code Execution via Python Script Upload
CVE-2025-40549 (CRITICAL, CVSS 9.1): SolarWinds Serv-U < 15.5.3 - Authenticated Path Traversal
CVE-2025-63918 (MEDIUM, CVSS 6.2): PDFPatcher < 1.1.3.4663 - Path Traversal and Arbitrary File Write via Image Export
CVE-2025-13266 (MEDIUM, CVSS 5.3): vlife-base < 2.0.1 - Path Traversal via SysFileApi create Function