Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,140 vulnerabilities with CWE-22

CVE-2025-9217 MEDIUM

Slider Revolution <6.7.36 - Path Traversal

CVE-2025-54029 HIGH

WooCommerce csv import export <2.0.6 - Path Traversal

CVE-2025-53588 HIGH

UPC/EAN/GTIN Code Generator <2.0.2 - Path Traversal

CVE-2025-58072 HIGH

DOS Co., Ltd. SS1 <= 16.0.0.10 and SS1 Cloud <= 2.1.3 - Unauthenticated Path Traversal

CVE-2025-54819 MEDIUM

DOS Co., Ltd. SS1 <= 16.0.0.10 and SS1 Cloud < 2.1.3 - Authenticated Path Traversal

CVE-2025-9345 MEDIUM

Managefy plugin <1.4.8 - Path Traversal

CVE-2025-20344 MEDIUM

Cisco Nexus Dashboard - Path Traversal

CVE-2025-50971 HIGH

AbanteCart 1.4.2 - Unauthenticated Path Traversal via Template Parameter

CVE-2025-55526 CRITICAL

n8n-workflows <ee25413 - Path Traversal

CVE-2025-53120 CRITICAL

Securden Unified PAM 9.0-* < 11.3.1 - Unauthenticated Path Traversal and Remote Code Execution via Upload Functionality

CVE-2025-29420 HIGH

PerfreeBlog 4.0.11 - Path Traversal via getThemeFilesByName Function

CVE-2025-9409 MEDIUM

ruoyi-go < 2.1 - Path Traversal via DownloadTmp/DownloadUpload fileName Parameter

CVE-2025-8562 MEDIUM

Custom Query Shortcode <0.4.0 - Path Traversal

CVE-2025-9118 CRITICAL

Google Cloud Dataform - Path Traversal

CVE-2025-52450 MEDIUM

Tableau Server < 2023.3.19 - Path Traversal via Create-Data-Source-From-File-Upload API

CVE-2025-53363 MEDIUM

dpanel 1.2.0-1.7.2 - Authenticated Path Traversal via /api/app/compose/get-from-uri Endpoint

CVE-2025-55523 LOW

agent-zero 0.8-0.9.3 - Path Traversal via /api/download_work_dir_file.py

CVE-2025-6465 MEDIUM

Mattermost 10.5.0-10.5.8, 10.8.0-10.8.3, 10.9.0-10.9.3, 10.10.0 - Path Traversal & Arbitrary File Write

CVE-2025-57753 MEDIUM

vite-plugin-static-copy 0.4.3-2.3.1 and 3.0.0-3.1.1 - Path Traversal

CVE-2025-8895 CRITICAL

WP Webhooks <3.3.5 - Info Disclosure

CVE-2025-8023 MEDIUM

Mattermost 9.11.0-9.11.17 10.5.0-10.5.8 10.8.0-10.8.3 10.9.0-10.9.2 - Path Traversal via Template File

CVE-2025-36530 MEDIUM

Mattermost 9.11.0-9.11.17 10.5.0-10.5.8 10.8.0-10.8.3 10.9.0-10.9.1 - Authenticated Path Traversal via Plugin Import

CVE-2025-53505 MEDIUM

Group-Office <6.8.119 & <25.0.20 - Path Traversal

CVE-2025-36114 MEDIUM

IBM QRadar SOAR Plugin App 1.0.0-5.6.0 - Path Traversal via URL Request

CVE-2025-54927 MEDIUM

EcoStruxure Power Monitoring Expert (PME) < 2022, 2023, 2024, 2024 R2 - Authenticated Path Traversal

Previous Page 60 of 366 Next

Details

Vulnerabilities 9,140

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy