Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2025-1785 MEDIUM

WordPress Download Manager <3.3.08 - Path Traversal

CVE-2025-2215 MEDIUM

Doufox < 0.2.0 - Path Traversal via dir Parameter

CVE-2025-27101 HIGH

Opal < 5.1.1 - Unauthenticated Path Traversal via Directory Copy to /temp/

CVE-2025-2193 MEDIUM

MRCMS 3.1.2 - Path Traversal via File Controller Delete Function

CVE-2025-27397 LOW

SCALANCE LPE9403 - Privilege Escalation

CVE-2025-27395 HIGH

SCALANCE LPE9403 - Privilege Escalation

CVE-2025-1661 CRITICAL

HUSKY Products Filter Professional for WooCommerce <= 1.3.6.5 - Local File Inclusion via 'template'

CVE-2025-1322 MEDIUM

WP-Recall < 16.26.10 - Unauthenticated Information Exposure via Feed Shortcode

CVE-2025-27519 CRITICAL

Cognita < a78bd065e05a1b30a53a3386cc02e08c317d2243 - Path Traversal and Remote Code Execution via Local Upload Endpoint

CVE-2025-2032 LOW

ChestnutCMS 1.5.2 - Path Traversal via File Rename Function

CVE-2025-24494 HIGH

Keysight Ixia Vision < 6.7.0 - Authenticated Path Traversal and RCE via Upload

CVE-2025-23416 MEDIUM

Keysight Ixia Vision Product Family 6.3.1 - Path Traversal

CVE-2025-21095 MEDIUM

Keysight Ixia Vision Product Family - Path Traversal

CVE-2025-1915 HIGH

Google Chrome <134.0.6998.35 - Path Traversal

CVE-2025-27274 MEDIUM

NotFound GPX Viewer <2.2.11 - Path Traversal

CVE-2025-26540 HIGH

Helloprint <= 2.0.7 - Path Traversal

CVE-2025-26534 HIGH

Helloprint <= 2.0.7 - Path Traversal

CVE-2025-25162 HIGH

NotFound Sports Rankings & Lists <1.0.2 - Path Traversal

CVE-2025-27590 CRITICAL

oxidized-web < 0.15.0 - Unauthenticated Path Traversal

CVE-2025-27413 MEDIUM

pwndoc < 1.2.0 - Authenticated Path Traversal and Remote Code Execution via Backup Restore

CVE-2025-27410 MEDIUM

pwndoc < 1.2.0 - Authenticated Path Traversal and Remote Code Execution via Backup Restore

CVE-2025-0823 MEDIUM

IBM Cognos Analytics 11.2.0-11.2.4 FP5 and 12.0.0-12.0.4 - Path Traversal via URL Request

CVE-2025-1743 MEDIUM

zyx0814 Pichome 2.1.0 - Path Traversal

CVE-2025-25759 HIGH

SUCMS 1.0 - Path Traversal and Arbitrary File Deletion via admin_template.php

CVE-2025-1282 HIGH

Car Dealer Automotive WordPress Theme - Path Traversal

Previous Page 79 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy