Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,140 vulnerabilities with CWE-22

CVE-2025-8151 MEDIUM

HT Mega < 2.9.1 - Authenticated Path Traversal via save_block_css Function

CVE-2025-46359 HIGH

PowerCMS 4.0-4.61 - Authenticated Path Traversal and Arbitrary Code Execution via Backup Restore

CVE-2025-41396 MEDIUM

PowerCMS 4.0-4.60 - Authenticated Path Traversal and Arbitrary File Write via File Upload Feature

CVE-2025-8343 MEDIUM

viglet shio < 0.3.8 - Path Traversal via ShStaticFilePreUpload Function

CVE-2025-54433 HIGH

Bugsink < 1.4.3, 1.5.0-1.5.4, 1.6.0-1.6.3, 1.7.0-1.7.3 - Path Traversal and Arbitrary File Write via Untrusted Event ID

CVE-2025-43250 MEDIUM

macOS <15.6-13.7.7 - Privilege Escalation

CVE-2025-43206 MEDIUM

macOS <15.6-14.7.7 - Info Disclosure

CVE-2025-43196 HIGH

macOS <15.6-13.7.7 - Privilege Escalation

CVE-2025-43191 MEDIUM

macOS < 13.7.7, < 14.7.7, < 15.6 - Denial of Service via Path Handling Issue

CVE-2025-44137 HIGH

MapTiler Tileserver-php v2.0 - Path Traversal via TileMatrix, TileRow, TileCol, and Format Parameters

CVE-2025-53081 MEDIUM

Samsung Data Management Server Firmware >=2.0.0 <2.3.13.1 - Arbitrary File Creation via Path Traversal

CVE-2025-53080 HIGH

Samsung Data Management Server Firmware 2.0.0-2.3.13.1 - Authenticated Path Traversal

CVE-2025-6989 HIGH

Kallyas theme <4.21.0 - Privilege Escalation

CVE-2025-52452 HIGH

Tableau Server < 2023.3.19 - Path Traversal via tabdoc API Duplicate-Data-Source Modules

CVE-2025-8132 MEDIUM

chancms < 3.1.3 - Path Traversal via delfile Function in utils.js

CVE-2025-7640 HIGH

hiWeb Export Posts <= 0.9.0.0 - CSRF & Arbitrary File Deletion via tool-dashboard-history.php

CVE-2025-54453 HIGH

Samsung MagicINFO 9 Server < 21.1080.0 - Path Traversal and Code Injection

CVE-2025-54450 HIGH

Samsung MagicINFO 9 Server < 21.1080.0 - Path Traversal and Code Injection

CVE-2025-54446 CRITICAL

Samsung MagicINFO 9 Server < 21.1080.0 - Path Traversal and Web Shell Upload

CVE-2025-54443 CRITICAL

Samsung MagicINFO 9 Server < 21.1080.0 - Path Traversal and Web Shell Upload

CVE-2025-54438 CRITICAL

Samsung MagicINFO 9 Server < 21.1080.0 - Path Traversal and Web Shell Upload

CVE-2025-8021 HIGH

files-bucket-server - Path Traversal

CVE-2025-54141 HIGH

ViewVC 1.1.0-1.1.31 and 1.2.0-1.2.3 - Path Traversal via Standalone Script

CVE-2025-54140 HIGH

pyload-ng 0.5.0b3.dev89 - Authenticated Path Traversal and Arbitrary File Write via /json/upload Endpoint

CVE-2025-51475 MEDIUM

TransformerOptimus SuperAGI <0.0.14 - Path Traversal

Previous Page 63 of 366 Next

Details

Vulnerabilities 9,140

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy