Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,140 vulnerabilities with CWE-22

CVE-2025-51481 MEDIUM

Dagster < 1.10.16 - Local File Inclusion via Notebook Path Traversal

CVE-2025-51480 HIGH

ONNX 1.17.0 - Path Traversal and Arbitrary File Write via External Data Location

CVE-2025-51463 HIGH

AIM 3.28.0 - Path Traversal and Arbitrary File Write via Crafted Backup Tar File

CVE-2025-7645 HIGH

Extensions For CF7 <3.2.8 - Path Traversal

CVE-2025-46120 CRITICAL

Ruckus Unleashed < 200.15.6.212.27 & ZoneDirector < 10.5.1.0.282 - Path Traversal & Arbitrary Template Execution

CVE-2025-49656 HIGH

Apache Jena < 5.5.0 - Authenticated Path Traversal via Database File Creation

CVE-2025-7896 MEDIUM

harry0703 MoneyPrinterTurbo <1.2.6 - Path Traversal

CVE-2025-27210 HIGH

Node.js 20.0.0-20.19.3, 22.0.0-22.17.0, 24.0.0-24.4.0 - Path Traversal via Windows Device Names in path.join

CVE-2025-6233 MEDIUM

Mattermost <10.8.1-10.5.7-9.11.16 - Path Traversal

CVE-2025-7643 CRITICAL

WordPress Attachment Manager <2.1.2 - Path Traversal

CVE-2025-3740 HIGH

School Management System for Wordpress <93.1.0 - Local File Inclusion

CVE-2025-7712 CRITICAL

Madara - Core plugin <2.2.3 - Path Traversal

CVE-2025-34126 HIGH

RIPS Scanner <0.54 - Path Traversal

CVE-2025-34120 HIGH

LimeSurvey <2.06+ Build 151014 - Info Disclosure

CVE-2025-34118 HIGH

Linknat VOS Manager <2.1.9.07 - Path Traversal

CVE-2025-31070 HIGH

LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon <2.5 ...

CVE-2025-28955 HIGH

FWDesign Easy Video Player <10.0 - Path Traversal

CVE-2025-7359 HIGH

WooCommerce <1.3.6 - Path Traversal

CVE-2025-53906 MEDIUM

Vim < 9.1.1551 - Path Traversal and Arbitrary File Write via Zip Archive Processing

CVE-2025-53905 MEDIUM

Vim < 9.1.1552 - Path Traversal and Arbitrary File Write via tar.vim Plugin

CVE-2025-49830 MEDIUM

Conjur < 1.22.1 and Secrets Manager, Self-Hosted < 13.5.1 - Authenticated Path Traversal via Policy YAML Parser

CVE-2025-50819 HIGH

beiyouo arxiv-daily <2025-05-06 - Path Traversal

CVE-2025-53622 MEDIUM

DSpace <7.6.4,8.2,9.1 - Path Traversal

CVE-2025-34110 CRITICAL

ColoradoFTP Server < 1.3 Build 8 - Path Traversal

CVE-2025-7360 CRITICAL

HT Contact Form Widget < 2.2.1 - Unauthenticated Arbitrary File Move

Previous Page 64 of 366 Next

Details

Vulnerabilities 9,140

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy