Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,136 vulnerabilities with CWE-22

CVE-2025-10951 HIGH

geyang ml-logger - Path Traversal via File Argument in log_handler

CVE-2025-10449 HIGH

Saysis Web Portal <3.2.1 - Path Traversal

CVE-2025-59343 HIGH

tar-fs < 3.1.1, < 2.1.3, < 1.16.5 - Path Traversal via Symlink Validation Bypass

CVE-2025-56816 HIGH

Datart 1.0.0-rc.3 - Directory Traversal and Remote Code Execution via YAML Deserialization

CVE-2025-56815 HIGH

Datart 1.0.0-rc.3 - Path Traversal via POST /viz/image Interface

CVE-2025-59825 MEDIUM

astral-tokio-tar < 0.5.4 - Path Traversal and Arbitrary File Write via Entry::unpack_in_raw

CVE-2025-9963 CRITICAL

Novakon P series < P-2.0.05 - Path Traversal and Arbitrary File Write

CVE-2025-57682 MEDIUM

Papermark < 0.20.0 - Authenticated Path Traversal via S3 Presigned URL Proxy

CVE-2025-10777 MEDIUM

JSC R7 R7-Office Document Server < 20250820 - Path Traversal via /downloadas/ cmd Parameter

CVE-2025-10766 MEDIUM

zkeacms < 4.3 - Path Traversal via EventViewerController.cs Download Function

CVE-2025-9079 HIGH

Mattermost <10.8.4 - Code Injection

CVE-2025-57644 CRITICAL

Accela Automation Platform 22.2.3.0.230103 - RCE & Arbitrary File Write via Test Script

CVE-2025-56869 MEDIUM

sync-in_server < 1.1.1 - Authenticated Path Traversal via FilesManager Functions

CVE-2025-10709 MEDIUM

Four-Faith Water Conservancy Informatization Platform 1.0 - Path Traversal via fileName Parameter

CVE-2025-10708 MEDIUM

Four-Faith Water Conservancy Informatization Platform 1.0 - Path Traversal via fileName Parameter

CVE-2025-10468 HIGH

Beyaz Computer CityPlus <24.29375 - Path Traversal

CVE-2025-59352 CRITICAL

Dragonfly < 2.1.0 - Path Traversal and Remote Code Execution via gRPC and HTTP APIs

CVE-2025-59414 LOW

Nuxt 3.6.0-3.18.9 - Client-Side Path Traversal via Island Payload Revival

CVE-2025-59304 CRITICAL

Swetrix < 4.0.0 - Remote Code Execution via Directory Traversal

CVE-2025-35430 MEDIUM

CISA Thorium 1.0.0-1.1.1 - Authenticated Path Traversal via Download Endpoints

CVE-2025-9215 MEDIUM

StoreEngine <1.5.0 - Path Traversal

CVE-2025-10050 MEDIUM

Simple History <0.5 - Local File Inclusion

CVE-2025-34185 HIGH

Ilevia EVE X1 Server <= 4.7.18.0.eden - Unauthenticated Arbitrary File Read via db_log Parameter

CVE-2025-59336 MEDIUM

Luanox < 0.1.1 - Path Traversal and Denial of Service via Malicious Package Name

CVE-2025-43314 MEDIUM

macOS < 14.8, < 15.7, < 26 - Unprotected User Data Exposure via Path Handling Issue

Previous Page 57 of 366 Next

Details

Vulnerabilities 9,136

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy