Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2025-0365 MEDIUM

Jupiter X Core <4.8.7 - Path Traversal

CVE-2025-24891 CRITICAL

DumbDrop - Path Traversal and Arbitrary File Write

CVE-2025-0493 CRITICAL

MultiVendorX <4.2.14 - Local File Inclusion

CVE-2025-0573 MEDIUM

Sante PACS Server < 4.0.10 - Unauthenticated Path Traversal and Arbitrary File Write via DCM File Parsing

CVE-2025-0572 MEDIUM

Sante PACS Server Web Portal < - Path Traversal

CVE-2025-0750 MEDIUM

CRI-O - Path Traversal in Log Management Functions

CVE-2025-23084 MEDIUM

Node.js 18.0-18.20.6 - Path Traversal in Windows Drive Name Handling

CVE-2025-0542 HIGH

G DATA Management Server - Privilege Escalation

CVE-2025-0703 MEDIUM

JoeyBling bootplus - Path Traversal

CVE-2025-24611 MEDIUM

Smackcoders WP Ultimate Exporter <2.9 - Path Traversal

CVE-2025-23422 HIGH

Store Locator <3.98.10 - Path Traversal

CVE-2025-23562 MEDIUM

NotFound XLSXviewer <2.1.1 - Path Traversal

CVE-2025-24019 HIGH

YesWiki <= 4.4.5 - Authenticated Arbitrary File Deletion via Filemanager

CVE-2025-0615 MEDIUM

Qualifio's Wheel of Fortune - Info Disclosure

CVE-2025-0614 MEDIUM

Qualifio's Wheel of Fortune - Info Disclosure

CVE-2025-22786 HIGH

ElementInvader Addons for Elementor <= 1.2.6 - Path Traversal and Local File Inclusion via .../...//

CVE-2025-0461 MEDIUM

Shanghai Lingdang Information Technology Lingdang CRM <= 8.6.0.0 - Path Traversal via pathfile Parameter

CVE-2025-0401 MEDIUM

reggie 1.0 - Path Traversal via CommonController Download Function

CVE-2025-22152 CRITICAL

Atheos < 600 - Path Traversal and Arbitrary File Write via $path and $target Parameters

CVE-2025-22130 HIGH

Soft Serve < 0.8.2 - Path Traversal and Repository Takeover

CVE-2025-21623 HIGH

ClipBucket 5.3-5.5.1-238 - Unauthenticated Path Traversal and Denial of Service via Template Directory

CVE-2025-21622 HIGH

ClipBucket >=5.3 <5.5.1-237 - Unauthenticated Path Traversal and Arbitrary File Deletion via Avatar URL Parameter

CVE-2024-32729 HIGH

WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability

CVE-2024-47273 MEDIUM

Synology Hyper Backup < 4.1.2-4036 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-47263 MEDIUM

Synology Hyper Backup < 4.1.2-4036 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Previous Page 82 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy