Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,141 vulnerabilities with CWE-22

CVE-2025-6801 HIGH

Marvell QConvergeConsole - Path Traversal

CVE-2025-6800 HIGH

Marvell QConvergeConsole - Path Traversal

CVE-2025-6799 HIGH

Marvell QConvergeConsole < 5.5.0.85 - Unauthenticated Path Traversal and Information Disclosure via getFileUploadBytes

CVE-2025-6798 CRITICAL

Marvell QConvergeConsole < 5.5.0.85 - Path Traversal & Arbitrary File Deletion

CVE-2025-6797 HIGH

Marvell QConvergeConsole < 5.5.0.85 - Unauthenticated Path Traversal and Information Disclosure via getFileUploadBytes

CVE-2025-6796 HIGH

Marvell QConvergeConsole < 5.5.0.85 - Unauthenticated Path Traversal and Information Disclosure via getAppFileBytes

CVE-2025-6795 HIGH

Marvell QConvergeConsole < 5.5.0.85 - Unauthenticated Path Traversal and Information Disclosure via getFileUploadSize

CVE-2025-6794 CRITICAL

Marvell QConvergeConsole < 5.5.0.85 - Unauthenticated Path Traversal and Remote Code Execution via saveAsText Method

CVE-2025-6793 CRITICAL

Marvell QConvergeConsole < 5.5.0.85 - Unauthenticated Path Traversal and Arbitrary File Deletion via QLogicDownloadImpl

CVE-2025-6210 MEDIUM

run-llama/llama_index <0.12.27 - Path Traversal

CVE-2025-3046 HIGH

llamaindex 0.12.23-0.12.28 - Arbitrary File Read via ObsidianReader Symlink Handling

CVE-2025-7108 MEDIUM

RiseSoft-Y9 Digital-Infrastructure <9.6.7 - Path Traversal

CVE-2025-7107 MEDIUM

SimStudioAI sim < 0.1.17 - Path Traversal via handleLocalFile Function

CVE-2025-7098 MEDIUM

Comodo Internet Security Premium 12.3.4.8162 - Path Traversal in File Name Handler

CVE-2025-49303 MEDIUM

Shabti Kaplan Frontend Admin <3.28.7 - Path Traversal

CVE-2025-28980 HIGH

Machouinard Aviation Weather <0.7.2 - Path Traversal

CVE-2025-2932 HIGH

JKDEVKIT <1.9.4 - Privilege Escalation

CVE-2025-34076 HIGH

Microweber CMS <=1.2.11 - Local File Inclusion

CVE-2025-53358 MEDIUM

kotaemon <= 0.10.6 - Path Traversal and Arbitrary File Read via Unvalidated File Path

CVE-2025-53110 HIGH

Model Context Protocol Servers < 0.6.4 and < 2025.7.01 - Path Traversal

CVE-2025-4946 HIGH

Vikinger theme <1.9.32 - Privilege Escalation

CVE-2025-27022 HIGH

Infinera G42 R6.1.3 - Path Traversal

CVE-2025-24330 MEDIUM

Nokia Single RAN <24R1-SR 1.0 MP - Path Traversal

CVE-2025-24329 MEDIUM

Nokia Single RAN <24R1-SR 1.0 MP - Path Traversal

CVE-2025-5014 HIGH

The Home Villas | Real Estate WordPress Theme <2.8 - Privilege Esca...

Previous Page 66 of 366 Next

Details

Vulnerabilities 9,141

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy