Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2025-3404 HIGH

WordPress Download Manager <3.3.12 - Privilege Escalation

CVE-2025-3520 HIGH

Avatar plugin <0.1.4 - Privilege Escalation

CVE-2025-39568 HIGH

StoreContrl Woocommerce <4.1.3 - Path Traversal

CVE-2025-27299 MEDIUM

WP Asia MyTicket Events <1.2.4 - Path Traversal

CVE-2025-27283 MEDIUM

rockgod100 Theme File Duplicator <1.3 - Path Traversal

CVE-2025-3295 MEDIUM

WP Editor <1.2.9.1 - Info Disclosure

CVE-2025-3294 HIGH

WP Editor <1.2.9.1 - Privilege Escalation

CVE-2025-28072 HIGH

PHPGurukul Pre-School Enrollment System - Path Traversal in manage-teachers.php

CVE-2025-3686 MEDIUM

misstt123 oasys 1.0 - Path Traversal via /show Image Function

CVE-2025-29213 MEDIUM

JEEWMS v3.7 - Remote Code Execution via Zip Slip in MigrateForm

CVE-2025-32779 MEDIUM

EDDI < 5.5.0 - Path Traversal and Arbitrary File Write via Backup Import Endpoint

CVE-2025-2830 MEDIUM

Thunderbird < 128.9.2 and 128.9.2-137.0.2 - Path Traversal and Information Disclosure via Malformed Attachment Filename

CVE-2025-32103 MEDIUM

CrushFTP 9.0.0-10.8.4 and 11.0.0-11.3.1 - Path Traversal via WebInterface Function URI

CVE-2025-32943 LOW

PeerTube < 7.1.1 - Authenticated Path Traversal via HLS Endpoint

CVE-2025-3562 MEDIUM

Yonyou YonBIP MA2.7 - Path Traversal

CVE-2025-3547 MEDIUM

agent-zero 0.8.1.2 - Path Traversal via /get_work_dir_files Path Parameter

CVE-2025-3445 HIGH

mholt/archiver < v3.5.1 - Path Traversal via ZIP Symlink Extraction

CVE-2025-32671 HIGH

Print Science Designer <1.3.155 - Path Traversal

CVE-2025-32633 HIGH

neoslab Database Toolset <1.8.4 - Path Traversal

CVE-2025-32631 HIGH

Oxygen MyData for WooCommerce <1.0.63 - Path Traversal

CVE-2025-32629 HIGH

CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirecto...

CVE-2025-32587 HIGH

WooCommerce Pickupp <2.4.0 - Path Traversal

CVE-2025-32509 HIGH

WPMinds Simple WP Events <1.8.17 - Path Traversal

CVE-2025-2636 HIGH

InstaWP Connect < 0.1.0.86 - Local PHP File Inclusion

CVE-2025-31411 MEDIUM

Linet ERP-Woocommerce Integration <3.5.12 - Path Traversal

Previous Page 75 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy