Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2025-32209 MEDIUM

Total processing card payments for WooCommerce <7.1.5 - Path Traversal

CVE-2025-32205 LOW

Piotnet Forms <1.0.30 - Path Traversal

CVE-2025-30582 HIGH

aytechnet DyaPress ERP/CRM <18.0.2.0 - Path Traversal

CVE-2025-30290 HIGH

ColdFusion <2023.12, 2021.18, 2025.0 - Path Traversal

CVE-2025-27085 MEDIUM

AOS-10 GW/AOS-8 - Authenticated RCE

CVE-2025-32018 HIGH

Cursor 0.45.0-0.48.6 - Path Traversal via Cursor Agent File Modification

CVE-2025-25254 HIGH

FortiWeb 7.0.0-7.4.6, 7.6.2 and below - Authenticated Path Traversal and Arbitrary File Write

CVE-2025-2519 MEDIUM

Sreamit theme <4.0.1 - File Download

CVE-2025-3381 MEDIUM

zhangyanbo2007 youkefu 4.2.0 - Path Traversal

CVE-2025-3424 HIGH

IntelliSpace Portal <12 - Info Disclosure

CVE-2025-31174 MEDIUM

HarmonyOS - Path Traversal in DFS Module

CVE-2025-3317 MEDIUM

fumiao opencms - Path Traversal via dataPage.jsp Path Parameter

CVE-2025-2941 CRITICAL

WooCommerce <1.1.4 - Path Traversal

CVE-2025-3214 MEDIUM

JFinal CMS <= 5.2.4 - Path Traversal via Template Argument in readTemplate

CVE-2025-2270 HIGH

Countdown & Clock <2.8.9.1 - Local File Inclusion

CVE-2025-31827 MEDIUM

Fonto <= 1.2.2 - Path Traversal

CVE-2025-31825 MEDIUM

Category Icon <1.0.0 - Path Traversal

CVE-2025-31800 MEDIUM

Publitio <= 2.2.0 - Path Traversal

CVE-2025-31554 MEDIUM

Docxpresso <= 2.6 - Absolute Path Traversal

CVE-2025-30596 MEDIUM

include-file <= 1 - Path Traversal

CVE-2025-22926 CRITICAL

OS4ED openSIS 8.0-9.1 - Path Traversal via Crafted POST Request to /Modules.php

CVE-2025-22927 CRITICAL

OS4ED openSIS 8.0-9.1 - Path Traversal via Crafted POST Request to Inbox.php

CVE-2025-22923 HIGH

OS4ED openSIS 8.0-9.1 - Path Traversal and Arbitrary File Deletion via /Modules.php

CVE-2025-30841 CRITICAL

Countdown & Clock <2.8.8 - Path Traversal

CVE-2025-31131 HIGH

Yeswiki < 4.5.2 - Unauthenticated Path Traversal

Previous Page 76 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy