Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2024-53582 HIGH

OpenPanel 0.3.4 - Path Traversal via File Manager Copy and View Functions

CVE-2024-53537 CRITICAL

openpanel 0.2.1-0.3.4 - Path Traversal in File Manager File Actions

CVE-2024-55415 MEDIUM

DevDojo Voyager < 1.8.0 - Path Traversal via /admin/compass

CVE-2024-13720 HIGH

WP Image Uploader <= 1.0.1 - Unauthenticated Arbitrary File Deletion via gky_image_uploader_main_function

CVE-2024-13671 HIGH

Music Sheet Viewer < 4.1 - Unauthenticated Arbitrary File Read via read_score_file()

CVE-2024-54462 HIGH

image_picker_android >=0.8.5+6 <0.8.12+18 - Path Traversal via Malicious Document Provider

CVE-2024-54461 HIGH

file_selector_android 0.5.1-0.5.1+11 - Path Traversal via Malicious Document Provider

CVE-2024-57549 HIGH

CMSimple 5.16 - Path Traversal via File Parameter

CVE-2024-54520 MEDIUM

macOS < 13.7.2, < 14.7.2, < 15.2 - Arbitrary File Write via Path Handling Issue

CVE-2024-45598 MEDIUM

Cacti < 1.2.29 - Authenticated Arbitrary File Read via Poller Standard Error Log Path

CVE-2024-13550 MEDIUM

ABC Notation < 6.1.3 - Authenticated Path Traversal via abcjs Shortcode File Attribute

CVE-2024-12885 MEDIUM

Connections Business Directory <10.4.66 - Path Traversal

CVE-2024-13409 HIGH

Post Grid Slider Carousel Ultimate <1.6.10 - Local File Inclusion

CVE-2024-13545 CRITICAL

Bootstrap Ultimate < 1.4.9 - Unauthenticated Local File Inclusion via Path Parameter

CVE-2024-55926 HIGH

Xerox Workplace Suite - Info Disclosure

CVE-2024-42187 MEDIUM

BigFix Patch Download Plug-ins - Path Traversal

CVE-2024-45652 MEDIUM

IBM Maximo Asset Management 7.6.1.3 - Path Traversal via MXAPIASSET API

CVE-2024-10799 MEDIUM

Eventer WordPress Plugin <= 3.9.7 - Authenticated Path Traversal

CVE-2024-52363 MEDIUM

IBM InfoSphere Information Server 11.7 - Path Traversal

CVE-2024-57784 MEDIUM

Zenitel AlphaWeb XE v11.2.3.10 - Path Traversal

CVE-2024-48885 MEDIUM

Fortinet FortiRecorder 7.0.0-7.0.4, 7.2.0-7.2.1; FortiVoice 6.0-6.4.9, 7.0.0-7.0.4; FortiWeb 6.4-7.6.0 - Path Traversal

CVE-2024-57728 HIGH KEV

SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip

CVE-2024-57727 HIGH KEV

SimpleHelp Path Traversal Vulnerability CVE-2024-57727

CVE-2024-54535 MEDIUM

iPadOS < 18.1 - Unprotected User Data Exposure via Path Handling Issue

CVE-2024-13158 HIGH

Ivanti Endpoint Manager < 2024 - Authenticated Remote Code Execution via Unbounded Resource Search Path

Previous Page 87 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy