Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2025-43566 MEDIUM

Adobe ColdFusion <= 2025.1, <= 2023.13, <= 2021.19 - Path Traversal and Arbitrary File Read

CVE-2025-30387 CRITICAL

Azure AI Document Intelligence Studio - Path Traversal

CVE-2025-31493 CRITICAL

Kirby < 3.9.8.3, 3.10.1.2, 4.7.1 - Path Traversal and Remote Code Execution via Dynamic Collection Name

CVE-2025-30207 HIGH

Kirby <3.9.8.3, <3.10.1.2, <4.7.1 - Path Traversal

CVE-2025-28055 HIGH

upset-gal-web 7.1.0 - Path Traversal and Arbitrary File Read via /api/music/v1/cover.ts

CVE-2025-30159 CRITICAL

Kirby <3.9.8.3, 3.10.1.2, 4.7.1 - Path Traversal

CVE-2025-40573 MEDIUM

SCALANCE LPE9403 < V4.0 HF0 - Path Traversal via Backup Restore

CVE-2025-4632 CRITICAL KEV

Samsung MagicINFO <21.1052 - Path Traversal

CVE-2025-4545 MEDIUM

CTCMS 2.1.2 - Path Traversal via Tpl.php File Handler

CVE-2025-4530 MEDIUM

feng_ha_ha/megagao ssm-erp & production_ssm 1.0 - Path Traversal

CVE-2025-4529 MEDIUM

Seeyon Zhiyuan OA Web Application System 8.1 SP2 - Path Traversal via M3CoreController Download Function

CVE-2025-4511 MEDIUM

vector4wang spring-boot-quick <20250422 - Path Traversal

CVE-2025-2158 HIGH

WordPress Review Plugin <5.3.5 - Code Injection

CVE-2025-4206 HIGH

Groundhogg <4.1.1.2 - Privilege Escalation

CVE-2025-3897 MEDIUM

EUCookieLaw <2.7.2 - Info Disclosure

CVE-2025-4377 HIGH

Sparx Systems Pro Cloud Server <6.0.165 - Path Traversal

CVE-2025-44021 LOW

OpenStack Ironic < 24.1.3, 24-24.1.3, 25-26.1.1, 27-29.0.1 - Arbitrary File Write via Image Handling

CVE-2025-32820 HIGH

SonicWall SMA 100/200/210/400/410/500v Firmware < 10.2.1.15-81sv - Authenticated Path Traversal

CVE-2025-20187 MEDIUM

Cisco Catalyst SD-WAN Manager - Path Traversal

CVE-2025-20949 MEDIUM

Samsung Members < 5.0.00.11 - Path Traversal and Arbitrary File Write

CVE-2025-22479 LOW

Dell Storage Manager 20.0.21 - Unauthenticated Path Traversal and Script Injection

CVE-2025-4329 MEDIUM

74cms < 3.33.0 - Path Traversal via /index.php/index/download/index URL Parameter

CVE-2025-46559 MEDIUM

Misskey <2025.4.1 - Info Disclosure

CVE-2025-45239 MEDIUM

foxcms 2.0.6 - Path Traversal via DataBackup.php Restores Method

CVE-2025-45238 CRITICAL

foxcms v1.2.5 - Arbitrary File Deletion via delRestoreSerie Method

Previous Page 73 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy