Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,135 vulnerabilities with CWE-22

CVE-2025-11630 MEDIUM

docsys < 2.02.36 - Path Traversal via File Upload Path Parameter

CVE-2025-61884 HIGH KEV

Oracle Configurator 12.2.3-12.2.14 - Unauthenticated CRLF Injection via Runtime UI

CVE-2025-11607 MEDIUM

harry0703/moneyprinterturbo < 1.2.6 - Path Traversal via File Argument in upload_music Function

CVE-2025-9950 MEDIUM

BestWebSoft plugin <1.1.6 - Path Traversal

CVE-2025-6439 CRITICAL

WooCommerce Designer Pro <1.9.26 - Path Traversal

CVE-2025-21048 MEDIUM

Samsung Android Knox Enterprise - Local Arbitrary Code Execution via Relative Path Traversal

CVE-2025-35056 MEDIUM

Newforma Project Center < 2024.1 - Authenticated Arbitrary File Read via StreamStampImage

CVE-2025-35055 HIGH

Newforma Project Center < 2023.1 - Unauthenticated Path Traversal and Arbitrary File Write via UploadBlueimp.ashx

CVE-2025-35053 MEDIUM

Newforma Project Center < 2024.3 - Authenticated Path Traversal and Arbitrary File Deletion via MarkupServices.ashx

CVE-2025-34248 HIGH

D-Link Nuclias Connect <1.3.1.4 - Path Traversal

CVE-2025-10284 CRITICAL

BBOT < 2.7.0 - Remote Code Execution via Malicious Archive Extraction

CVE-2025-10283 CRITICAL

BBOT < 2.7.0 - Remote Code Execution via Git Repository Command Injection

CVE-2025-39664 MEDIUM

Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 - Authenticated Path Traversal in Report Scheduler

CVE-2025-7526 CRITICAL

WP Travel Engine - Tour Booking Plugin - Path Traversal

CVE-2025-61913 CRITICAL

Flowise < 3.0.8 - Authenticated Path Traversal and Arbitrary File Write via WriteFileTool and ReadFileTool

CVE-2025-61784 HIGH

llama-factory < 0.9.4 - SSRF and LFI via _process_request

CVE-2025-43934 MEDIUM

Dell PowerProtect Data Domain Path Traversal and Unauthorized Access

CVE-2025-43889 MEDIUM

Dell PowerProtect Data Domain 7.7.1.0-8.4, 7.13.1.0-7.13.1.30, 7.10.1.0-7.10.1.60 - Unauthenticated Path Traversal in UI

CVE-2025-40889 HIGH

Nozomi Networks CMC and Guardian < 25.2.0 - Authenticated Path Traversal via Time Machine Input Parameters

CVE-2025-3718 HIGH

Nozomi Networks CMC and Guardian < 25.2.0 - Authenticated Path Traversal and Cross-Site Scripting via Malicious URL

CVE-2025-60969 MEDIUM

EndRun Technologies Sonoma D12 - Info Disclosure

CVE-2025-11337 MEDIUM

Four-Faith Water Conservancy Informatization Platform <2.2 - Path T...

CVE-2025-11336 MEDIUM

Four-Faith Water Conservancy Informatization Platform <2.2 - Path T...

CVE-2025-58591 MEDIUM

SICK Analytics Products - Directory Traversal Information Disclosure

CVE-2025-58590 MEDIUM

Sick Analytics Products <= 4.6.1 - Information Disclosure via Path Traversal

Previous Page 55 of 366 Next

Details

Vulnerabilities 9,135

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy