Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2025-27147 HIGH

GLPI Inventory Plugin <1.5.0 - Privilege Escalation

CVE-2025-2744 MEDIUM

ruoyi-vue-pro 2.4.1 - Path Traversal via Material Upload Interface

CVE-2025-2743 MEDIUM

ruoyi-vue-pro 2.4.1 - Path Traversal via Material Upload Interface

CVE-2025-2742 MEDIUM

ruoyi-vue-pro 2.4.1 - Path Traversal via Material Upload Interface

CVE-2025-2716 LOW

China Mobile P22g-CIac 1.0.00.488 - Path Traversal

CVE-2025-2708 MEDIUM

ruoyi-vue-pro 2.4.1 - Path Traversal via Backend File Upload Interface

CVE-2025-2749 HIGH KEV

Kentico Xperience < 13.0.178 - Authenticated Remote Code Execution via Staging Sync Server File Upload

CVE-2025-2707 MEDIUM

zhijiantianya ruoyi-vue-pro 2.4.1 - Path Traversal via Front-End Store Interface

CVE-2025-1973 MEDIUM

Export and Import Users and Customers <= 2.6.2 - Authenticated Path Traversal via download_file()

CVE-2025-30343 LOW

OpenSlides < 4.2.5 - Path Traversal via ZIP Archive Extraction

CVE-2025-2505 CRITICAL

Age Gate plugin for WordPress <3.5.3 - Code Injection

CVE-2025-1770 HIGH

Eventin plugin <4.0.24 - Local File Inclusion

CVE-2025-27787 HIGH

Applio < 3.2.8-bugfix - Path Traversal and Denial of Service via Model Name Parameter

CVE-2025-27786 CRITICAL

Applio < 3.2.8-bugfix - Arbitrary File Removal via output_tts_path Parameter

CVE-2025-27785 HIGH

Applio < 3.2.8-bugfix - Arbitrary File Read via train.py export_index Function

CVE-2025-27783 CRITICAL

Applio < 3.2.8-bugfix - Arbitrary File Write and Remote Code Execution via train.py

CVE-2025-27782 CRITICAL

Applio < 3.2.8-bugfix - Arbitrary File Write and Remote Code Execution via inference.py

CVE-2025-2449 HIGH

NI FlexLogger - Remote Code Execution

CVE-2025-2493 HIGH

Sytel Ltd Softdial Contact Center - Path Traversal

CVE-2025-0694 MEDIUM

CODESYS Control - Privilege Escalation

CVE-2025-25685 HIGH

GL-INet Beryl AX GL-MT3000 <4.7.0 - Path Traversal

CVE-2025-25684 HIGH

GL-INet Beryl AX GL-MT3000 <4.7.0 - Info Disclosure

CVE-2025-29787 HIGH

zip 1.3.0-2.3.0 - Arbitrary File Write via Symbolic Link Canonicalization

CVE-2025-2363 MEDIUM

lenve VBlog <= 1.0.0 - Path Traversal via ArticleController uploadImg Filename Parameter

CVE-2025-2264 HIGH

Sante PACS Server Path Traversal (CVE-2025-2264)

Previous Page 78 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy