CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,141 vulnerabilities with CWE-22
CVE-2025-7360 CRITICAL
HT Contact Form Widget < 2.2.1 - Unauthenticated Arbitrary File Move
CVSS 9.1
CVE-2025-6265 HIGH
Zyxel NWA50AX PRO <7.10(ACGE.2 - Path Traversal
CVSS 7.2
CVE-2025-7628 MEDIUM
YiJiuSmile kkFileViewOfficeEdit < 2019-03-19 - Path Traversal via deleteFile Function
CVSS 5.4
CVE-2025-7626 MEDIUM
YiJiuSmile kkFileViewOfficeEdit < 2019-03-19 - Path Traversal via onlinePreview URL Parameter
CVSS 4.3
CVE-2025-7625 MEDIUM
kkFileViewOfficeEdit < 2019-03-19 - Path Traversal via Download URL Parameter
CVSS 4.3
CVE-2025-7575 MEDIUM
Zavy86 WikiDocs <1.0.78 - Path Traversal
CVSS 4.7
CVE-2025-7566 MEDIUM
jshERP < 3.5 - Path Traversal via exportExcelByParam Title Argument
CVSS 4.7
CVE-2025-7488 MEDIUM
JoeyBling SpringBoot_MyBatisPlus <a6a825513bd688f717dbae3a196bc9c96...
CVSS 4.3
CVE-2025-7518 MEDIUM
RSFirewall! <1.1.42 - Path Traversal
CVSS 4.9
CVE-2025-7452 MEDIUM
Kone-Net go-chat <f9e58d0afa9bbdb31faf25e7739da330692c4c63 - Path T...
CVSS 6.3
CVE-2025-7450 MEDIUM
letseeqiji gorobbs <1.0.8 - Path Traversal
CVSS 5.4
CVE-2025-46704 MEDIUM
Advantech iView < 5.7.05.7057 - Authenticated Path Traversal via NetworkServlet.processImportRequest()
CVSS 4.3
CVE-2025-53632 CRITICAL
ctfer-io chall-manager < 0.1.4 - Unauthenticated Path Traversal via Zip Slip
CVSS 9.1
CVE-2025-44177 HIGH
White Star Software Protop 4.4.2-2024-11-27 - Unauthenticated Path Traversal via /pt3upd/ Endpoint
CVSS 8.2
CVE-2025-4828 CRITICAL
Schiocco Support Board < 3.8.0 - Unauthenticated Arbitrary File Deletion via sb_file_delete Function
CVSS 9.8
CVE-2025-53513 HIGH
Juju < 2.9.52 - Path Traversal via Malicious Charm Upload
CVSS 8.8
CVE-2025-40738 HIGH
SINEC NMS < 4.0 - Path Traversal and Arbitrary File Write via ZIP Extraction
CVSS 8.8
CVE-2025-40737 HIGH
SINEC NMS < 4.0 - Path Traversal and Arbitrary File Write via ZIP Extraction
CVSS 8.8
CVE-2025-42970 MEDIUM
SAPCAR >=7.53 <SAP_CAR 7.53 and >=7.22EXT <7.22EXT - Path Traversal via Malicious Archive Extraction
CVSS 5.8
CVE-2025-53375 MEDIUM
dokploy < 0.23.7 - Authenticated Path Traversal
CVSS 6.5
CVE-2025-6807 HIGH
Marvell QConvergeConsole - Info Disclosure
CVSS 7.5
CVE-2025-6806 HIGH
Marvell QConvergeConsole - Path Traversal
CVSS 7.5
CVE-2025-6805 CRITICAL
Marvell QConvergeConsole - Path Traversal
CVSS 9.1
CVE-2025-6804 HIGH
Marvell QConvergeConsole - Info Disclosure
CVSS 7.5
CVE-2025-6803 HIGH
Marvell QConvergeConsole - Info Disclosure
CVSS 7.5