CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,136 vulnerabilities with CWE-22
CVE-2025-58590 MEDIUM
Sick Analytics Products <= 4.6.1 - Information Disclosure via Path Traversal
CVSS 6.5
CVE-2025-8917 MEDIUM
clearml < 2.0.2 - Path Traversal and Arbitrary File Write via Symbolic and Hard Link Handling
CVSS 5.8
CVE-2025-8406 HIGH
ZenML 0.83.1 - Path Traversal and Arbitrary File Write via PathMaterializer
CVSS 7.8
CVE-2025-47211 MEDIUM
QNAP QTS and QuTS hero - Authenticated Path Traversal
CVSS 4.9
CVE-2025-33034 MEDIUM
Qsync Central <5.0.0.1 - Path Traversal
CVSS 6.5
CVE-2025-61666 HIGH
Traccar <6.8.1-6.0 - Local File Inclusion
CVE-2025-59744 HIGH
AndSoft e-TMS 25.03 - Path Traversal via docurl Parameter
CVSS 7.5
CVE-2025-54293 MEDIUM
Canonical LXD 5.0 LTS - Authenticated Path Traversal via Log File Retrieval
CVSS 6.5
CVE-2025-54292 MEDIUM
Canonical LXD 5.0.0-5.21.4 - Authenticated Path Traversal via URL Path Resource Names
CVSS 4.6
CVE-2025-11221 HIGH
GTONE ChangeFlow <9.0.1.1 - Path Traversal
CVSS 8.8
CVE-2025-11182 MEDIUM
GTONE ChangeFlow <9.0.1.1 - Path Traversal
CVSS 6.5
CVE-2025-11020 HIGH
MarkAny SafePC Enterprise <7.0.1 - SQL Injection
CVSS 8.8
CVE-2025-58769 LOW
auth0-php 3.3.0-8.16.0 - Path Traversal via Bulk User Import Endpoint
CVSS 3.3
CVE-2025-11233 MEDIUM
Rust std 1.87.0-1.88.0 - Path Traversal in Cygwin Path API
CVE-2025-8559 MEDIUM
All in One Music Player <1.3.1 - Path Traversal
CVSS 6.5
CVE-2025-61586 MEDIUM
FreshRSS < 1.27.0 - Path Traversal via Theme Field
CVSS 5.3
CVE-2025-43813 HIGH
Liferay DXP <7.3 & 7.4.0-7.4.3.107 - Path Traversal & DoS via ComboServlet
CVSS 8.2
CVE-2025-11139 MEDIUM
Bjskzy Zhiyou ERP <11.0 - Path Traversal
CVSS 6.3
CVE-2025-11079 MEDIUM
Campcodes Farm Management System 1.0 - Info Disclosure
CVSS 5.3
CVE-2025-11034 MEDIUM
Dibo Data Decision Making System <2.7.0 - Path Traversal
CVSS 4.3
CVE-2025-11031 MEDIUM
DataTables <1.10.13 - Path Traversal
CVSS 5.3
CVE-2025-11018 MEDIUM
Four-Faith Water Conservancy Informatization Platform 1.0 - Path Traversal via fileName Parameter
CVSS 5.3
CVE-2025-11016 MEDIUM
kalcaddle kodbox <1.61.09 - Path Traversal
CVSS 4.3
CVE-2025-59002 HIGH
SeaTheme BM Content Builder - Path Traversal
CVSS 7.7
CVE-2025-10307 MEDIUM
Backuply WordPress <1.4.8 - Privilege Escalation
CVSS 6.5