Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,142 vulnerabilities with CWE-22

CVE-2024-53844 MEDIUM

EDDI 4.3-5.3.3 - Path Traversal via RestExportService botFilename Parameter

CVE-2024-33605 HIGH

Multiple MFPs - Path Traversal via installed_emanual_list.html

CVE-2024-52787 CRITICAL

libre-chat 0.0.6 - Path Traversal via Crafted Filename in Uploaded File

CVE-2024-11664 HIGH

eNMS < 4.2 - Path Traversal via TGZ File Handler

CVE-2024-10803 HIGH

MP3 Sticky Player <8.0 - Path Traversal

CVE-2024-7565 HIGH

SMARTBEAR SoapUI - Remote Code Execution via unpackageAll Directory Traversal

CVE-2024-5581 HIGH

Allegra < 7.5.2 - Authenticated Remote Code Execution via UnzipFile Path Traversal

CVE-2024-10220 HIGH

Kubernetes <1.28.11, 1.29.0-1.29.6, 1.30.0-1.30.2 - Command Injection

CVE-2024-37046 MEDIUM

QNAP QTS and QuTS hero - Authenticated Path Traversal

CVE-2024-37043 MEDIUM

QNAP QTS and QuTS hero - Authenticated Path Traversal

CVE-2024-52056 MEDIUM

Wowza Streaming Engine <4.9.1 - Path Traversal

CVE-2024-52055 MEDIUM

Wowza Streaming Engine <4.9.1 - Path Traversal

CVE-2024-52054 LOW

Wowza Streaming Engine <4.9.1 - Path Traversal

CVE-2024-52771 CRITICAL

DedeBIZ 6.3.0 - Arbitrary File Deletion via /admin/file_manage_view

CVE-2024-52449 HIGH

Navneil Naicer Bootscraper <2.1.0 - Path Traversal

CVE-2024-52448 HIGH

WebCodingPlace Ultimate Classified Listings <1.4 - Path Traversal

CVE-2024-52444 HIGH

WPOPAL Opal Woo Custom Product Variation <1.1.3 - Path Traversal

CVE-2024-52600 MEDIUM

Statamic CMS < 5.17.0 - Path Traversal via Crafted Filename Upload

CVE-2024-48071 MEDIUM

Weaver e-cology - Path Traversal and Denial of Service

CVE-2024-47820 MEDIUM

Markus < 2.4.8 - Authenticated Path Traversal

CVE-2024-11303 HIGH

Korenix JetPort <1.2 - Path Traversal

CVE-2024-41971 HIGH

Unknown Product <Version> - Privilege Escalation

CVE-2024-11315 CRITICAL

DVC 6.0-6.3 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2024-11314 CRITICAL

DVC 6.0-<6.4 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2024-11313 CRITICAL

DVC 6.0-6.3 - Unauthenticated Path Traversal and Arbitrary File Write

Previous Page 92 of 366 Next

Details

Vulnerabilities 9,142

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy