Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,143 vulnerabilities with CWE-22

CVE-2024-51990 CRITICAL

jj-lib < 0.23.0 - Path Traversal and Arbitrary File Write

CVE-2024-51751 MEDIUM

Gradio 5.0.0-5.4.9 - Path Traversal via File or UploadButton Component

CVE-2024-20532 MEDIUM

Cisco Identity Services Engine - Authenticated Path Traversal and Arbitrary File Deletion via API

CVE-2024-20529 MEDIUM

Cisco Identity Services Engine - Authenticated Path Traversal and Arbitrary File Read/Delete via API

CVE-2024-20528 LOW

Cisco Identity Services Engine - Authenticated Path Traversal and Arbitrary File Write via API

CVE-2024-20527 MEDIUM

Cisco Identity Services Engine - Authenticated Arbitrary File Read and Delete via API Parameter

CVE-2024-47464 MEDIUM

Instant AOS-8/AOS-10 - Path Traversal

CVE-2024-51756 LOW

cap-std < 3.4.1 - Path Traversal via Superscript Device Filename Bypass

CVE-2024-47253 HIGH

2N Access Commander <3.1.1.2 - Path Traversal

CVE-2024-51127 HIGH

HornetQ < 2.4.9 - Path Traversal via createTempFile Method

CVE-2024-51582 HIGH

ThimPress WP Hotel Booking <2.1.4 - Path Traversal

CVE-2024-10389 HIGH

Safearchive < 0.0.0-20241025131057-f7ce9d7b6f9c - Path Traversal and Arbitrary File Write via Symbolic Link Extraction

CVE-2024-51483 MEDIUM

changedetection.io < 0.47.5 - Path Traversal via WebDriver File URL

CVE-2024-49770 HIGH

oak < 17.1.3 - Path Traversal via URL-Encoded Forward Slash Bypass

CVE-2024-37423 HIGH

Newspack Blocks <3.0.8 - Path Traversal

CVE-2024-37108 HIGH

WishList Member X <3.26.6 - Path Traversal

CVE-2024-39722 HIGH

Ollama < 0.1.46 - Path Traversal via API Push Route

CVE-2024-39332 CRITICAL

Webswing 23.2.2 - Path Traversal and Remote Code Execution via Client-Side JavaScript Modification

CVE-2024-10005 HIGH

HashiCorp Consul L7 Traffic Intentions - URL Path Access Rule Bypass

CVE-2024-48735 HIGH

SAS Studio 9.4 - Path Traversal via Workspace File Download

CVE-2024-50509 HIGH

Chetan Khandla Woocommerce Product Design <1.0.0 - Path Traversal

CVE-2024-50508 HIGH

Chetan Khandla Woocommerce Product Design <1.0.0 - Path Traversal

CVE-2024-7962 HIGH

gaizhenbiao/chuanhuchatgpt 20240628 - Arbitrary File Read via Insufficient Prompt Template Validation

CVE-2024-7774 CRITICAL

langchain.js < 0.2.19 - Path Traversal via getFullPath Method

CVE-2024-5982 CRITICAL

gaizhenbiao/chuanhuchatgpt < 20240918 - Path Traversal and Arbitrary File Write via Unsanitized Input Handling

Previous Page 95 of 366 Next

Details

Vulnerabilities 9,143

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy