Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2025-25997 HIGH

FeMiner wms 1.0 - Path Traversal via databak.php Component

CVE-2025-25295 HIGH

Label Studio SDK <1.0.10 - Path Traversal

CVE-2025-1127 CRITICAL

Lexmark Printer Firmware - Arbitrary Code Execution

CVE-2025-24889 MEDIUM

SecureDrop Client <1.0.1 - Code Injection

CVE-2025-24888 HIGH

securedrop-client < 0.14.1 - Path Traversal via Content-Disposition Header

CVE-2025-1228 MEDIUM

Loggrove <e428fac38cc480f011afcb1d8ce6c2bad378ddd6 - Path Traversal

CVE-2025-0332 HIGH

Telerik UI for WinForms <2025.1.211 - Path Traversal

CVE-2025-24406 HIGH

Adobe Commerce < 2.4.4 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2025-25243 HIGH

SAP SRM MDM Catalog 7.52 - Unauthenticated Path Traversal via Public Servlet

CVE-2025-1106 MEDIUM

CmsEasy 7.7.7.9 - Path Traversal in database_admin.php deletedir_action/restore_action

CVE-2025-25163 HIGH

Zach Swetz Plugin A/B Image Optimizer <3.3 - Path Traversal

CVE-2025-25155 HIGH

efreja Music Sheet Viewer <4.1 - Path Traversal

CVE-2025-24786 CRITICAL

clidey/whodb < 0.45.0 - Unauthenticated Path Traversal via Database File Path

CVE-2025-0859 MEDIUM

Post and Page Builder by BoldGrid < 1.27.7 - Authenticated Path Traversal via template_via_url() Function

CVE-2025-0799 MEDIUM

IBM App Connect enterprise - Privilege Escalation

CVE-2025-22601 LOW

Discourse < 3.4.0 - Path Traversal via Activate-Account Route

CVE-2025-24963 MEDIUM

Vitest Browser Mode - Local File Read

CVE-2025-23059 MEDIUM

Aruba ClearPass Policy Manager 6.11.0-6.11.9 - Authenticated Sensitive Data Exposure via Directory Traversal

CVE-2025-22205 HIGH

Admiror Gallery <4.x - Path Traversal

CVE-2025-24961 MEDIUM

org.gaul S3Proxy <2.6.0 - Info Disclosure

CVE-2025-24960 HIGH

Jellystat < 1.1.3 - Authenticated Path Traversal via Files Endpoint

CVE-2025-24605 MEDIUM

WOLF - WordPress Posts Bulk Editor and Products Manager Professional < 1.0.8.6 - Path Traversal

CVE-2025-24569 HIGH

RedefiningTheWeb PDF Generator Addon - Path Traversal

CVE-2025-23819 HIGH

NotFound WP Cloud <1.4.3 - Path Traversal

CVE-2025-0973 MEDIUM

CmsEasy 7.7.7.9 - Path Traversal via select[] Parameter in backAll_action

Previous Page 81 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy