Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2025-41428 MEDIUM

TimeWorks 10.0-10.3 - Unauthenticated Path Traversal

CVE-2025-48387 HIGH

tar-fs <3.0.9, <2.1.3, <1.16.5 - Path Traversal

CVE-2025-27956 HIGH

WebLaudos 24.2 (04) - Path Traversal via id Parameter

CVE-2025-48940 HIGH

MyBB < 1.8.39 - Local File Inclusion via Upgrade Component Parameter

CVE-2025-37095 CRITICAL

HPE StoreOnce System < 4.3.11 - Path Traversal

CVE-2025-37094 MEDIUM

HPE StoreOnce System < 4.3.11 - Path Traversal and Arbitrary File Deletion

CVE-2025-48957 HIGH

AstrBot 3.4.4-3.5.12 - Path Traversal and Information Disclosure via Dashboard Feature

CVE-2025-33004 MEDIUM

IBM Planning Analytics Local <2.1 - Privilege Escalation

CVE-2025-5385 MEDIUM

JeeWMS < 2025-05-04 - Path Traversal via cgformTemplateController.do?doAdd

CVE-2025-5381 LOW

Yifang CMS < 2.0.2 - Path Traversal via Admin Panel File Download

CVE-2025-5380 MEDIUM

XueShengZhuSu <4d3f0ada - Path Traversal

CVE-2025-4857 HIGH

Newsletters <= 4.9.9.9 - Authenticated Local File Inclusion via File Parameter

CVE-2025-47952 CRITICAL

Traefik < 2.11.25 and < 3.4.1 - Path Traversal via URL-Encoded Path Bypass

CVE-2025-5328 MEDIUM

chshcms mccms 2.7 - Path Traversal via Backups.php restore_del Function

CVE-2025-48370 LOW

supabase/auth-js < 2.70.0 - Path Traversal via Invalid UUID Handling

CVE-2025-48744 MEDIUM

SIGB PMB < 8.0.1.2 - Local File Inclusion and Remote Code Execution

CVE-2025-5161 MEDIUM

H3C SecCenter SMP-E1114P02 < 20250513 - Path Traversal via /safeEvent/download filename Parameter

CVE-2025-5160 MEDIUM

H3C SecCenter SMP-E1114P02 < 20250513 - Path Traversal via Download Function Name Parameter

CVE-2025-5159 MEDIUM

H3C SecCenter SMP-E1114P02 < 20250513 - Path Traversal via Download Name Parameter

CVE-2025-5158 MEDIUM

H3C SecCenter SMP-E1114P02 < 20250513 - Path Traversal via downloadSoftware Filename Parameter

CVE-2025-5157 MEDIUM

H3C SecCenter SMP-E1114P02 < 20250513 - Path Traversal via filePath Parameter in fileContent Function

CVE-2025-48273 HIGH

WP Job Portal <2.3.2 - Path Traversal

CVE-2025-47603 HIGH

Belingo belingoGeo <1.12.0 - Path Traversal

CVE-2025-47535 HIGH

Opal Woo Custom Product Variation <1.2.0 - Path Traversal

CVE-2025-47513 MEDIUM

James Laforge Infocob CRM Forms <2.4.0 - Path Traversal

Previous Page 71 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy