Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,135 vulnerabilities with CWE-22

CVE-2025-63408 HIGH

Local Agent DVR <6.6.1.0 - Path Traversal

CVE-2025-41736 HIGH

metz-connect ewio2-m_firmware < 2.2.0 - Path Traversal and Remote Code Execution via Python Script Upload

CVE-2025-40549 CRITICAL

SolarWinds Serv-U < 15.5.3 - Authenticated Path Traversal

CVE-2025-63918 MEDIUM

PDFPatcher < 1.1.3.4663 - Path Traversal and Arbitrary File Write via Image Export

CVE-2025-13266 MEDIUM

vlife-base < 2.0.1 - Path Traversal via SysFileApi create Function

CVE-2025-13265 MEDIUM

lsfusion platform < 6.1 - Path Traversal via ZipUtils unpackFile Function

CVE-2025-13262 HIGH

lsfusion platform < 6.1 - Path Traversal via UploadFileRequestHandler

CVE-2025-13261 MEDIUM

lsfusion platform < 6.1 - Path Traversal via DownloadFileRequestHandler Version Argument

CVE-2025-13246 MEDIUM

shsuishang ShopSuite ModulithShop <45a99398cec3b7ad7ff9383694f0b533...

CVE-2025-11990 LOW

GitLab 18.4.0-18.4.3 & 18.5.0-18.5.1 CSRF Token Exposure via Input Validation Bypass

CVE-2025-63680 HIGH

Nero BackItUp < 2025 - Arbitrary Code Execution via Path Parsing and ShellExecuteW Fallback

CVE-2025-54559 LOW

Desktop Alert PingAlert Application Server 6.1.0.11-6.1.1.2 - Path Traversal

CVE-2025-36236 HIGH

IBM AIX 7.2-7.3 and VIOS 3.1-4.1 - Path Traversal and Arbitrary File Write via NIM Server URL Request

CVE-2025-12089 MEDIUM

Data Tables Generator by Supsystic <1.10.45 - Privilege Escalation

CVE-2025-11366 CRITICAL

N-central < 2025.4 - Path Traversal

CVE-2025-11565 HIGH

Web Admin < unknown - Path Traversal

CVE-2025-12382 HIGH

Algosec Firewall Analyzer A33.0/A33.10 Path Traversal & Code Injection via File Upload

CVE-2025-62449 MEDIUM

GitHub Copilot Chat < 0.32.0 - Path Traversal

CVE-2025-60722 MEDIUM

OneDrive for Android - Path Traversal

CVE-2025-11696 HIGH

Studio 5000 Simulation Interface - SSRF

CVE-2025-42919 MEDIUM

SAP NetWeaver Application Server Java - Info Disclosure

CVE-2025-42894 MEDIUM

SAP Business Connector - Authenticated Path Traversal and Arbitrary File Write

CVE-2025-12923 LOW

liweiyi ChestnutCMS <1.5.8 - Path Traversal

CVE-2025-12922 MEDIUM

OpenClinica Community Edition <3.12.2/3.13 - Path Traversal

CVE-2025-12092 MEDIUM

CYAN Backup <2.5.4 - Privilege Escalation

Previous Page 51 of 366 Next

Details

Vulnerabilities 9,135

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy