Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2024-11010 HIGH

FileOrganizer <1.1.4 - Authenticated RCE

CVE-2024-10516 HIGH

Swift Performance Lite <2.3.7.1 - Local PHP File Inclusion

CVE-2024-11585 HIGH

WP Hide & Security Enhancer <2.5.1 - Info Disclosure

CVE-2024-53523 HIGH

JSFinder - Path Traversal in find_by_file Function

CVE-2024-10933 MEDIUM

OpenBSD < 7.4 - Path Traversal via Untrusted File System readdir

CVE-2024-53490 HIGH

Favorites-web 1.3.0 - Path Traversal

CVE-2024-51549 CRITICAL

ABB ASPECT <3.08.02, NEXUS Series <3.08.02, MATRIX Series <3.08.02 ...

CVE-2024-54132 MEDIUM

cli/cli < 2.63.1 - Path Traversal via Malicious GitHub Actions Workflow Artifact

CVE-2024-54154 HIGH

JetBrains YouTrack <2024.3.51866 - Path Traversal

CVE-2024-11952 HIGH

Classic Addons - WPBakery Page Builder <3.0 - Code Injection

CVE-2024-11398 HIGH

Synology Router Manager <1.3.1-9346-9 - Path Traversal

CVE-2024-49421 MEDIUM

Quick Share Agent <3.5.14.47-3.5.19.42 - Path Traversal

CVE-2024-49411 MEDIUM

ThemeCenter <SMR Dec-2024 Release 1 - Path Traversal

CVE-2024-53566 MEDIUM

Sangoma Asterisk 22.0.0-rc1 22.0.0-rc2 22.0.0-pre1 22.0.0 - Path Traversal via action_listcategories()

CVE-2024-46909 CRITICAL

WhatsUp Gold < 24.0.1 - Unauthenticated Remote Code Execution

CVE-2024-49360 CRITICAL

Sandboxie < 1.14.6 and < 5.69.6 - Authenticated Path Traversal via Sandbox Directory Access

CVE-2024-11992 CRITICAL

Quick.CMS 6.7 - Path Traversal and Arbitrary File Deletion via aDirFiles Parameter

CVE-2024-11481 HIGH

Trellix ESM 11.6.10 - Unauthenticated Path Traversal & API Forwarding via Snowservice

CVE-2024-52481 HIGH

Astoundify Jobify < 4.3.0 - Unauthenticated Path Traversal

CVE-2024-9669 HIGH

File Manager Pro - Filester <= 1.8.5 - Authenticated Local JavaScript File Inclusion via fm_locale Parameter

CVE-2024-46939 LOW

Game Extension Engine <1.2.7.0 - Path Traversal

CVE-2024-54004 MEDIUM

Jenkins Filesystem List Parameter Plugin <0.0.14 - Info Disclosure

CVE-2024-11667 HIGH KEV

Zyxel ATP-USG FLEX-50(W) - Path Traversal

CVE-2024-11219 MEDIUM

Otter Blocks < 3.0.7 - Unauthenticated Path Traversal via get_image Function

CVE-2024-53676 CRITICAL

HPE Insight Remote Support < 7.14.0.629 - Directory Traversal and Remote Code Execution

Previous Page 91 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy