Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,143 vulnerabilities with CWE-22

CVE-2024-44255 HIGH

iPadOS < 18.1 - Path Traversal via Arbitrary Shortcuts Execution

CVE-2024-50453 HIGH

The Pack Elementor addons <= 2.0.9 - PHP Local File Inclusion via Relative Path Traversal

CVE-2024-49771 MEDIUM

MPXJ 8.3.5-13.5.0 - Path Traversal

CVE-2024-48224 MEDIUM

funadmin 5.0.2 - Path Traversal and Arbitrary File Read via /curd/index/editfile

CVE-2024-49766 MEDIUM

Werkzeug < 3.0.6 - Path Traversal on Windows via UNC Path Handling

CVE-2024-37847 HIGH

MangoOS < 5.1.4 and Mango API < 4.5.5 - Arbitrary File Upload and Remote Code Execution

CVE-2024-49381 HIGH

Plenti < 0.7.2 - Arbitrary File Deletion via /postLocal Endpoint

CVE-2024-10379 MEDIUM

ESAFENET CDG 5 - Path Traversal via DecryptApplicationService decryptFileId Parameter

CVE-2024-47027 HIGH

Lib/Sm < Shared Mem - Privilege Escalation

CVE-2024-45842 MEDIUM

Toshibatec E-studio1058 Firmware < t1.01.h4.00 - Path Traversal

CVE-2024-10011 HIGH

BuddyPress <14.1.0 - Path Traversal

CVE-2024-49760 HIGH

OpenRefine <3.8.3 - Info Disclosure

CVE-2024-49359 HIGH

ZimaOS < 1.2.5 - Authenticated Directory Traversal via File API Endpoint

CVE-2024-48931 HIGH

ZimaOS < 1.2.5 - Authenticated Arbitrary File Read via File API Endpoint

CVE-2024-47883 CRITICAL

OpenRefine Butterfly < 1.2.6 - Path Traversal and Server-Side Request Forgery via file:/ URL

CVE-2024-45262 HIGH

GL-iNet Firmware - Path Traversal via /rpc Endpoint Params Parameter

CVE-2024-10313 HIGH

iniNet Solutions SpiderControl SCADA PC HMI Editor - Path Traversal

CVE-2024-48213 MEDIUM

RockOA 2.6.5 - Path Traversal in beifenAction.php

CVE-2024-20379 MEDIUM

Cisco Secure Firewall Management Center - Info Disclosure

CVE-2024-41717 CRITICAL

Kieback & Peter's DDC4000 - Path Traversal

CVE-2024-35308 HIGH

Pandora FMS 700-777.3 - Authenticated Arbitrary File Read via Server Plugins Section

CVE-2024-41713 CRITICAL KEV

Mitel MiCollab < 9.8.1.201 - Unauthenticated Path Traversal in NuPoint Unified Messaging

CVE-2024-49366 HIGH

nginxui/nginx_ui < 2.0.0-beta.35 - Path Traversal and Arbitrary File Write

CVE-2024-45309 HIGH

OneDev Unauthenticated Arbitrary File Read

CVE-2024-47742 HIGH

Linux Kernel - Path Traversal via Firmware Loader

Previous Page 96 of 366 Next

Details

Vulnerabilities 9,143

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy