Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,135 vulnerabilities with CWE-22

CVE-2025-11939 MEDIUM

ChurchCRM < 5.18.0 - Path Traversal via RestoreJob.php restoreFile Argument

CVE-2025-11914 MEDIUM

Streamax Crocus 1.3.40 - Path Traversal via FilePath Parameter in Download Function

CVE-2025-11913 MEDIUM

Streamax Crocus 1.3.40 - Path Traversal via Download Action Path Parameter

CVE-2025-62424 MEDIUM

ClipBucket 5.3-5.5.2-146 - Authenticated Path Traversal and Arbitrary File Write via Template Editor Folder Parameter

CVE-2025-62356 HIGH

Qodo Gen - Path Traversal via Prompt Injection

CVE-2025-62353 CRITICAL

Windsurf - Path Traversal and Arbitrary File Write

CVE-2025-11849 CRITICAL

mammoth < 1.11.0 - Directory Traversal via DOCX Image External Link

CVE-2025-61923 MEDIUM

PrestaShop Checkout < 4.4.1 and < 5.0.5 - Path Traversal and Arbitrary File Disclosure

CVE-2025-34518 HIGH

Ilevia EVE X1 Server Firmware <= 4.7.18.0.eden - Path Traversal in get_file_content.php

CVE-2025-34517 HIGH

Ilevia EVE X1 Server Firmware <= 4.7.18.0.eden - Path Traversal in get_file_content.php

CVE-2025-11842 MEDIUM

Shazwazza Smidge < 4.6.0 - Path Traversal via Bundle Handler Version Argument

CVE-2025-54658 HIGH

FortiDLP Agent 10.3.1-11.5.1 - Authenticated Path Traversal via Outlookproxy Plugin

CVE-2025-53951 MEDIUM

Fortinet FortiDLP Agent 10.3.1-11.5.1 - Authenticated Path Traversal via Outlookproxy Plugin

CVE-2025-54755 MEDIUM

F5 BIG-IP 15.1.0-15.1.10.8 - Authenticated Path Traversal in TMUI

CVE-2025-61941 HIGH

WXR9300BE6P <Ver.1.10 - Path Traversal

CVE-2025-10406 MEDIUM

BlindMatrix e-Commerce WP <3.1 - Path Traversal

CVE-2025-11746 HIGH

XStore <= 9.5.4 - Authenticated Local File Inclusion via et_ajax_required_plugins_popup()

CVE-2025-37145 MEDIUM

ArubaOS 8.10.0.0-8.10.0.18 - Authenticated Arbitrary File Download via Low-Level Interface Library

CVE-2025-37144 MEDIUM

ArubaOS 8.10.0.0-8.10.0.18 - Authenticated Arbitrary File Download via Low-Level Interface Library

CVE-2025-62156 HIGH

Argo Workflows < 3.6.12 and 3.7.0-3.7.2 - Path Traversal via Artifact Extraction

CVE-2025-10986 MEDIUM

Ivanti EPMM <12.6.0.2-12.4.0.4 - Path Traversal

CVE-2025-9064 CRITICAL

FactoryTalk View Machine Edition - Path Traversal

CVE-2025-42906 MEDIUM

SAP Commerce Cloud - Path Traversal

CVE-2025-9713 HIGH

Ivanti Endpoint Manager <2024 SU4 - Path Traversal

CVE-2025-11631 MEDIUM

docsys < 2.02.36 - Path Traversal via /Doc/deleteDoc.do Path Parameter

Previous Page 54 of 366 Next

Details

Vulnerabilities 9,135

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy