Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,092 vulnerabilities with CWE-22

CVE-2026-46724 MEDIUM

Path Traversal in extension "Faceted Search" (ke_search)

CVE-2026-31379 MEDIUM

Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager

CVE-2026-29220 MEDIUM

Apache OFBiz: Low-Privilege LFI in Content Component

CVE-2026-47091 LOW

Claude HUD 0.0.12 Path Traversal via transcript_path

CVE-2026-45230 CRITICAL

DumbAssets 1.0.11 Path Traversal File Deletion via /api/delete-file

CVE-2026-29963 HIGH

HSC MailInspector 5.3.3-7 - Path Traversal

CVE-2026-20685 MEDIUM

Apple Private Cloud Compute Server Software < 5E290.3 - Improper Input Validation

CVE-2026-8802 MEDIUM

opensourcepos Open Source Point of Sale Items.php getPicThumb path traversal

CVE-2026-6381 HIGH

WP Maps < 4.9.3 - Subscriber+ Local File Inclusion

CVE-2026-8770 LOW

continuedev continue JSON-RPC Server lsTool.ts lsTool path traversal

CVE-2026-8765 MEDIUM

Kilo-Org kilocode File Diff API Endpoint worktree-diff.ts Bun.file path traversal

CVE-2026-8757 HIGH

adenhq hive Delete Request routes_sessions.py _read_events_tail path traversal

CVE-2026-8756 HIGH

fishaudio Bert-VITS2 Gradio webui_preprocess.py generate_config path traversal

CVE-2026-8755 HIGH

fishaudio Bert-VITS2 Model hiyoriUI.py _get_all_models path traversal

CVE-2026-8754 MEDIUM

AstrBotDevs AstrBot File Upload chat.py post_file path traversal

CVE-2026-8736 MEDIUM

Oinone Pamirs RestController LocalFileClient.java request.getParameter path traversal

CVE-2026-44566 HIGH

Open WebUI: Arbitrary File Upload and Path Traversal

CVE-2026-44565 HIGH

Open WebUI: Open WebUI Arbitrary File Write, Delete via Path Traversal

CVE-2026-46383 MEDIUM

Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle probing in `apm install`

CVE-2026-44641 HIGH

Microsoft APM: plugin.json component paths escape plugin root and copy arbitrary host files during install

CVE-2026-7182 CRITICAL

Path Traversal in Diagram

CVE-2026-41552 HIGH

Path Traversal in PDF Export Module

CVE-2026-6403 HIGH

Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter

CVE-2026-44647 HIGH

OneDev: Path Traversal (read capability via Git LFS pointer resolution)

CVE-2026-44522 HIGH

Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leading to Remote Code Execution

Previous Page 8 of 364 Next

Details

Vulnerabilities 9,092

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy