Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2024-54382 MEDIUM

BoldThemes Bold Page Builder <5.1.5 - Path Traversal

CVE-2024-54380 HIGH

Filippo Bodei WP Cookies Enabler <1.0.1 - Path Traversal

CVE-2024-54375 HIGH

Woolook <= 1.7.0 - PHP Local File Inclusion via Path Traversal

CVE-2024-54374 HIGH

Sogrid <= 1.5.6 - PHP Local File Inclusion via Path Traversal

CVE-2024-54373 HIGH

EduAdmin Booking <5.2.0 - Path Traversal

CVE-2024-12362 MEDIUM

InvoicePlane <= 1.6.1 - Path Traversal via Invoice Download Argument

CVE-2024-55970 HIGH

Syncfusion Essential Studio for ASP.NET MVC <27.1.55 - Path Traversal

CVE-2024-54259 MEDIUM

DELUCKS SEO <2.5.5 - Path Traversal

CVE-2024-11834 CRITICAL

PlexTrac 1.61.3-2.8.1 - Path Traversal and Arbitrary File Write

CVE-2024-11833 CRITICAL

PlexTrac 1.61.3-2.8.1 - Path Traversal and Arbitrary File Write

CVE-2024-8647 MEDIUM

GitLab 15.2-17.4.6, 17.5 < 17.5.4, 17.6 < 17.6.2 - Anti-CSRF Token Leak via Harbor Integration

CVE-2024-55659 MEDIUM

SiYuan < 3.1.16 - Unauthenticated Arbitrary File Write and Stored Cross-Site Scripting via Asset Upload Endpoint

CVE-2024-55658 HIGH

SiYuan < 3.1.16 - Unauthenticated Arbitrary File Read via Path Traversal

CVE-2024-55657 HIGH

SiYuan < 3.1.16 - Path Traversal via Template Render Endpoint

CVE-2024-54489 HIGH

macOS < 13.7.2, < 14.7.2, < 15.2 - Unauthenticated Arbitrary Code Execution via Mount Command

CVE-2024-55587 HIGH

python-libarchive through 4.2.1 - Path Traversal via ZipFile.extract and ZipFile.extractall

CVE-2024-49082 MEDIUM

Windows 10/11, Server 2008-2012 - Information Disclosure via File Explorer Path Traversal

CVE-2024-12482 MEDIUM

cjbi wetech-cms 1.0/1.1/1.2 - Path Traversal via Database Backup Handler

CVE-2024-55550 LOW KEV

MiCollab < 9.8.1.201 - Authenticated Path Traversal

CVE-2024-55602 HIGH

pwndoc < 1.2.1 - Authenticated Path Traversal via Template File Extension

CVE-2024-45709 MEDIUM

SolarWinds Web Help Desk < 12.8.4 - Local File Read via Path Traversal

CVE-2024-10708 MEDIUM

System Dashboard WordPress Plugin < 2.8.15 - Authenticated Path Traversal

CVE-2024-21542 HIGH

luigi < 3.6.0 - Arbitrary File Write via Archive Extraction

CVE-2024-50626 HIGH

Digi ConnectPort LTS Firmware < 1.4.12 - Path Traversal in WebFS

CVE-2024-53790 HIGH

Ogun Labs Lenxel Core - Path Traversal

Previous Page 90 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy