Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2024-6648 HIGH

AP Page Builder <4.0.0 - Path Traversal

CVE-2024-11615 MEDIUM

Envolve Plugin <1.0 - Path Traversal

CVE-2024-55913 MEDIUM

IBM Concert 1.0.0-1.0.5 - Path Traversal via URL Request

CVE-2024-41792 HIGH

SENTRON 7KT PAC1260 Data Manager - Unauthenticated Path Traversal via Web Interface

CVE-2024-54291 HIGH

PluginPass <0.9.10 - Path Traversal

CVE-2024-12905 HIGH

tar-fs < 1.16.4, 2.0.0-2.1.2, 3.0.0-3.0.8 - Path Traversal and Arbitrary File Write via Malicious Tar Extraction

CVE-2024-13920 MEDIUM

Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated Path Traversal via download_file() Function

CVE-2024-9597 HIGH

parisneo/lollms < v12 - Path Traversal

CVE-2024-9415 HIGH

superagi 0.0.14 - Path Traversal and Arbitrary File Write via File Upload

CVE-2024-9362 HIGH

Polyaxon < latest - Unauthenticated Directory Traversal

CVE-2024-8898 CRITICAL

lollms_web_ui V12 - Path Traversal and Arbitrary Directory Creation/Deletion via Install/Uninstall API Endpoints

CVE-2024-8769 CRITICAL

aimhubio/aim <bb76afe - Path Traversal

CVE-2024-8581 CRITICAL

parisneo/lollms-webui V12 - Path Traversal

CVE-2024-8524 HIGH

modelscope/agentscope <0.0.4 - Path Traversal

CVE-2024-8438 HIGH

modelscope/agentscope <0.0.4 - Path Traversal

CVE-2024-8060 HIGH

OpenWebUI < 0.5.17 - Authenticated Path Traversal and Arbitrary File Write via Audio API Endpoint

CVE-2024-7776 CRITICAL

onnx <= 1.16.1 - Path Traversal and Arbitrary File Overwrite via Malicious Tar File

CVE-2024-7034 HIGH

open-webui 0.3.8 - Arbitrary File Write via Models Upload Endpoint

CVE-2024-6851 HIGH

aimhubio/aim <3.22.0 - Path Traversal

CVE-2024-5752 CRITICAL

Devika - Path Traversal via Crafted Project Name

CVE-2024-12866 HIGH

qanything v2.0.0 - Path Traversal and Remote Code Execution

CVE-2024-12217 MEDIUM

gradio - Path Traversal via NTFS Alternate Data Streams Bypass

CVE-2024-12065 HIGH

haotian-liu/llava - Local File Inclusion via Gradio Web UI

CVE-2024-11037 MEDIUM

binary-husky gpt_academic - Path Traversal via Absolute Path Bypass

CVE-2024-10948 MEDIUM

binary-husky gpt_academic - Unauthenticated Arbitrary File Read via WebSocket Upload Path Manipulation

Previous Page 84 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy