CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22
CVE-2025-47512 HIGH
Tainacan <= 0.21.14 - Path Traversal
CVSS 8.6
CVE-2025-47492 HIGH
add-ons.org Drag and Drop File Upload for Elementor Forms <1.4.3 - ...
CVSS 8.6
CVE-2025-46527 MEDIUM
LikeCoin Web3Press <3.2.0 - Path Traversal
CVSS 6.5
CVE-2025-46486 MEDIUM
Nomupay Payment Processing Gateway <7.1.7 - Path Traversal
CVSS 4.9
CVE-2025-31053 HIGH
quantumcloud KBx Pro Ultimate <8.0.5 - Path Traversal
CVSS 7.7
CVE-2025-4419 MEDIUM
Hot Random Image <= 1.9.2 - Authenticated Path Traversal via Path Parameter
CVSS 4.3
CVE-2025-3884 HIGH
Cloudera Hue - Unauthenticated Directory Traversal in Ace Editor
CVSS 7.5
CVE-2025-3486 HIGH
Allegra < 8.1.2 - Authenticated Path Traversal and Remote Code Execution via isZipEntryValide Method
CVSS 8.8
CVE-2025-5029 MEDIUM
Kingdee Cloud Galaxy Private Cloud BBC System <9.0 Patch April 2025...
CVSS 5.4
CVE-2025-4524 CRITICAL
Madara WordPress <2.2.2 - Local File Inclusion
CVSS 9.8
CVE-2025-48017 CRITICAL
Circuit Provisioning & File Import < - Path Traversal
CVSS 9.0
CVE-2025-41229 HIGH
VMware Cloud Foundation - Path Traversal
CVSS 8.2
CVE-2025-3223 MEDIUM
GE Vernova WorkstationST <7.10.10C - Path Traversal
CVSS 5.9
CVE-2025-32926 CRITICAL
ThemeGoods Grand Restaurant <= 7.0 - Path Traversal
CVSS 9.8
CVE-2025-27566 LOW
a-blog cms < 3.0.47 - Authenticated Path Traversal and Arbitrary File Deletion via Backup Feature
CVSS 3.8
CVE-2025-4912 MEDIUM
SourceCodester Student Result Management System 1.0 - Path Traversal via old_photo Parameter
CVSS 5.4
CVE-2025-4898 MEDIUM
Student Result Management System 1.0 - Path Traversal via Logo File Handler
CVSS 5.4
CVE-2025-4893 MEDIUM
jammy928 CoinExchange_CryptoExchange_Java <8adf508b996020d3efbeeb24...
CVSS 6.3
CVE-2025-4868 MEDIUM
merikbest ecommerce-spring-reactjs <464e610bb11cc2619cf6ce8212ccc2d...
CVSS 6.3
CVE-2025-47273 HIGH
setuptools < 78.1.1 - Path Traversal and Arbitrary File Write via PackageIndex
CVSS 8.8
CVE-2025-4807 MEDIUM
SourceCodester Online Student Clearance System 1.0 - Info Disclosure
CVSS 5.3
CVE-2025-40629 HIGH
PNETLab 4.2.10 - Path Traversal via HTTP Request File Path Manipulation
CVE-2025-4720 MEDIUM
SourceCodester Student Result Management System 1.0 - Path Traversal via academic/core/drop_student.php img Parameter
CVSS 5.4
CVE-2025-47788 CRITICAL
Atheos < 602 - Path Traversal via $target Parameter in controller.php
CVE-2025-4564 CRITICAL
TicketBAI Facturas para WooCommerce <3.18 - Path Traversal
CVSS 9.8