Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2025-25800 MEDIUM

SeaCMS 13.3 - Path Traversal and Arbitrary File Read via admin_safe_file.php

CVE-2025-27142 HIGH

LocalSend < 1.17.0 - Path Traversal and Remote Code Execution via Prepare-Upload and Upload Endpoints

CVE-2025-26935 HIGH

WP Job Portal <= 2.2.8 - Path Traversal and Local File Inclusion via Dot-Slash Sequence

CVE-2025-26905 HIGH

Estatik <= 4.3.0 - PHP Local File Inclusion via Path Traversal

CVE-2025-26753 HIGH

VideoWhisper Live Streaming <6.2 - Path Traversal

CVE-2025-26752 HIGH

VideoWhisper Live Streaming Integration <6.2 - Path Traversal

CVE-2025-25279 CRITICAL

Mattermost <10.4.1-10.3.2-10.2.2 - Info Disclosure

CVE-2025-20051 CRITICAL

Mattermost <10.4.1-10.3.2-10.2.2 - Info Disclosure

CVE-2025-1599 MEDIUM

Best Church Management Software 1.0 - Path Traversal via old_cat_img Parameter

CVE-2025-1588 MEDIUM

PHPGurukul Online Nurse Hiring System 1.0 - Path Traversal via Profile Picture Upload

CVE-2025-1543 MEDIUM

iteachyou Dreamer CMS 4.1.3 - Path Traversal in UEditor Resource Handler

CVE-2025-27098 MEDIUM

GraphQL Mesh CLI 0.78.0-0.82.21 and HTTP < 0.3.19 - Path Traversal via Static File Handler

CVE-2025-27092 HIGH

GHOSTS 8.0.0-8.2.7.90 - Path Traversal via NPC Photo Retrieval Endpoint

CVE-2025-24965 HIGH

crun < 1.20 - Path Traversal via krun Handler

CVE-2025-26616 HIGH

WeGIA < 3.2.14 - Path Traversal via exportar_dump.php Endpoint

CVE-2025-26615 CRITICAL

WeGIA < 3.2.14 - Path Traversal via examples.php Endpoint

CVE-2025-22663 HIGH

Paid Videochat Turnkey Site <7.2.12 - Path Traversal

CVE-2025-25284 HIGH

ZOO-Project - Unauthenticated Path Traversal via Gdal_Translate VRT SourceFilename Parameter

CVE-2025-1035 MEDIUM

Komtera Technolgies KLog Server <3.1.1 - Path Traversal

CVE-2025-25223 MEDIUM

LuxCal Web Calendar <5.3.3 - Path Traversal

CVE-2025-26779 MEDIUM

Fahad Mahmood Keep Backup Daily <2.1.0 - Path Traversal

CVE-2025-1357 MEDIUM

Seventh D-Guard <20250206 - Path Traversal

CVE-2025-1336 MEDIUM

CmsEasy 7.7.7.9 - Path Traversal via imgname Argument in deleteimg_action Function

CVE-2025-1335 MEDIUM

CmsEasy 7.7.7.9 - Path Traversal via imgname Argument in deleteimg_action Function

CVE-2025-0822 MEDIUM

Bit Assist < 1.5.3 - Authenticated Path Traversal via fileID Parameter

Previous Page 80 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy