Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,135 vulnerabilities with CWE-22

CVE-2025-12000 MEDIUM

WPFunnels <3.6.2 - Privilege Escalation

CVE-2025-64485 MEDIUM

CVAT 2.4.0-2.48.1 - Authenticated Path Traversal and Arbitrary File Write via File Share Mount

CVE-2025-64433 MEDIUM

KubeVirt < 1.5.3 - Path Traversal and Arbitrary File Read via PVC Disk Mount

CVE-2025-60574 HIGH

tQuadra CMS 4.2.1117 - Local File Inclusion via Styles Path

CVE-2025-7719 MEDIUM

GE Vernova Smallworld <5.3.5 - Path Traversal

CVE-2025-57698 HIGH

AstrBot 3.5.22 - Path Traversal via Plugin Install-Upload Filename Handling

CVE-2025-57712 MEDIUM

Qsync Central 5.0.0.0-5.0.0.2 - Authenticated Path Traversal

CVE-2025-64346 MEDIUM

archives < 1.0.1 - Path Traversal and Remote Code Execution via Malicious Archive Extraction

CVE-2025-64184 HIGH

Dosage < 3.2 - Path Traversal via HTTP Content-Type Header

CVE-2025-62630 HIGH

Advantech DeviceOn iEdge < 2.0.2 - Path Traversal and Remote Code Execution via Configuration File Upload

CVE-2025-59171 HIGH

Advantech DeviceOn iEdge < 2.0.2 - Path Traversal and Remote Code Execution via Configuration File Upload

CVE-2025-58423 HIGH

Advantech DeviceOn iEdge <= 2.0.2 - Directory Traversal and DoS

CVE-2025-34238 MEDIUM

Advantech WebAccess/VPN < 1.1.5 - Authenticated Path Traversal via AjaxStandaloneVpnClientsController

CVE-2025-12490 HIGH

Netgate pfSense CE - Path Traversal

CVE-2025-22397 MEDIUM

Dell iDRAC9 and iDRAC10 - Path Traversal

CVE-2025-60242 HIGH

Anatoly Download Counter <1.4 - Path Traversal

CVE-2025-20374 MEDIUM

Cisco Unified Contact Center Express - Authenticated Path Traversal via Web UI

CVE-2025-64108 HIGH

Cursor < 2.0 - Path Traversal and Remote Code Execution via NTFS Path Quirks

CVE-2025-64107 HIGH

Cursor < 2.0 - Path Traversal and Remote Code Execution via Backslash Bypass

CVE-2025-12493 CRITICAL

ShopLentor < 3.2.5 - Unauthenticated Local File Inclusion via load_template Function

CVE-2025-43382 MEDIUM

macOS <15.7.2, <26.1, <14.8.2 - Info Disclosure

CVE-2025-50735 HIGH

NextChat < 2.16.0 - Path Traversal via WebDAV Proxy

CVE-2025-12626 MEDIUM

jeecgboot jeewx-boot <641ab52c3e1845fec39996d7794c33fb40dad1dd - Pa...

CVE-2025-8385 MEDIUM

Zombify WordPress <1.7.5 - Path Traversal

CVE-2025-10897 HIGH

WooCommerce Designer Pro <1.9.28 - Info Disclosure

Previous Page 52 of 366 Next

Details

Vulnerabilities 9,135

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy