Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2025-4186 MEDIUM

Wangshen SecGate 3600 - Path Traversal

CVE-2025-4185 MEDIUM

Wangshen SecGate 3600 2024 - Path Traversal

CVE-2025-4178 MEDIUM

xiaowei1118 java_server < 2019-09-22 - Path Traversal in File Upload API

CVE-2025-4175 MEDIUM

AlanBinu007 Spring-Boot-Advanced-Projects <3.1.3 - Path Traversal

CVE-2025-46565 MEDIUM

Vite <6.3.4, 6.2.7, 6.1.6, 5.4.19, 4.5.14 - Info Disclosure

CVE-2025-27409 HIGH

Joplin < 3.3.3 - Path Traversal via Static File Path Handling

CVE-2025-4078 MEDIUM

Wangshen SecGate 3600 2400 - Path Traversal

CVE-2025-2817 HIGH

Firefox <115.23.0, 115.23-115.*, <128.10.0, 128.10-128.*, >=138 Privilege Escalation via Update Mechanism

CVE-2025-27937 MEDIUM

SIOS Quick Agent V3 < 3.2.1 and V2 < 2.9.8 - Authenticated Path Traversal

CVE-2025-26692 HIGH

SIOS Quick Agent V3 < 3.2.1 and V2 < 2.9.8 - Unauthenticated Path Traversal and Remote Code Execution

CVE-2025-46433 MEDIUM

JetBrains TeamCity <2025.03.1 - Path Traversal

CVE-2025-28354 MEDIUM

Entrust Corp Printer Manager <D3.18.4-3 - Path Traversal

CVE-2025-1565 HIGH

Mayosis Core <5.4.1 - Info Disclosure

CVE-2025-3300 HIGH

WPMasterToolKit <2.5.2 - Path Traversal

CVE-2025-3065 CRITICAL

Database Toolset <1.8.4 - Path Traversal

CVE-2025-32950 MEDIUM

Jmix Framework 1.0.0-1.6.1 and 2.0.0-2.3.4 - Path Traversal via FileRef Parameter

CVE-2025-34028 CRITICAL KEV

Commvault Command Center Innovation Release <11.38.20 - Path Traversal

CVE-2025-23250 HIGH

NVIDIA NeMo < 25.02 - Path Traversal and Arbitrary File Write

CVE-2025-3577 MEDIUM

Zyxel AMG1302-T10B Firmware 2.00(AAJC.16)C0 - Authenticated Path Traversal

CVE-2025-28099 MEDIUM

opencms V2.3 - Path Traversal and Arbitrary File Read in dataPage.jsp

CVE-2025-32431 CRITICAL

Traefik < 2.11.24, 3.3.6 - Path Traversal via PathPrefix/Path/PathRegex Matcher

CVE-2025-29660 CRITICAL

Yi IOT XY-3820 v6.0.24.10 - Arbitrary Script Execution via Directory Traversal in TCP Service

CVE-2025-0632 CRITICAL

Formulatrix Rock Maker Web 3.2.1.1-3.18.3.2 - Local File Inclusion via Render Function

CVE-2025-43928 MEDIUM

Infodraw Media Relay Service 7.1.0.0 - Unauthenticated Path Traversal via Username Field

CVE-2025-43919 MEDIUM

GNU Mailman 2.1.1-2.1.38 - Unauthenticated Path Traversal via Username Parameter

Previous Page 74 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy