Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-22

CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,144 vulnerabilities with CWE-22

CVE-2024-47164 MEDIUM

Gradio < 5.0.0 - Path Traversal Bypass via is_in_or_equal Function

CVE-2024-7037 HIGH

open-webui v0.3.8 - Arbitrary File Write and Delete via /api/pipelines/upload Endpoint

CVE-2024-9675 HIGH

Buildah - Path Traversal via Cache Mount

CVE-2024-9575 HIGH

Pretix Widget <1.0.6 - Local File Inclusion

CVE-2024-47191 HIGH

oath-toolkit <2.6.12 - Privilege Escalation

CVE-2024-36814 MEDIUM

Adguard Home <0.107.52 - Info Disclosure

CVE-2024-9381 HIGH

Ivanti Endpoint Manager Cloud Services Appliance < 5.0.2 - Authenticated Path Traversal

CVE-2024-47011 HIGH

Ivanti Avalanche <6.4.5 - Path Traversal

CVE-2024-47010 HIGH

Ivanti Avalanche <6.4.5 - Path Traversal

CVE-2024-47009 HIGH

Ivanti Avalanche <6.4.5 - Path Traversal

CVE-2024-47949 MEDIUM

JetBrains TeamCity < 2024.07.3 - Path Traversal and Arbitrary File Write via Backup File

CVE-2024-47948 MEDIUM

JetBrains TeamCity < 2024.07.3 - Path Traversal via Server Backups

CVE-2024-47563 MEDIUM

Siemens SINEC Security Monitor < V4.9.0 - Path Traversal

CVE-2024-47818 MEDIUM

Saltcorn <1.0.0-beta15 - File Deletion

CVE-2024-45291 MEDIUM

PhpSpreadsheet Image Embedding - File Read and Server-Side Request Forgery

CVE-2024-47559 HIGH

Xerox FreeFlow Core - Authenticated Path Traversal Code Execution

CVE-2024-47558 HIGH

Xerox FreeFlow Core - Authenticated Remote Code Execution via Path Traversal

CVE-2024-47557 HIGH

Xerox FreeFlow Core 7.0-7.0.10 - Unauthenticated Remote Code Execution via Path Traversal

CVE-2024-47556 HIGH

Xerox FreeFlow Core 7.0-7.0.10 - Unauthenticated Remote Code Execution via Path Traversal

CVE-2024-46446 CRITICAL

Mecha CMS 3.0.0 - Path Traversal and Arbitrary File Deletion via Cookie and URI Manipulation

CVE-2024-47309 MEDIUM

Condless Cities Shipping Zones for WooCommerce <1.2.7 - Path Traversal

CVE-2024-44034 HIGH

Martin Greenwood WPSPX <1.0.2 - Path Traversal

CVE-2024-44018 HIGH

Istmo Plugins Instant Chat Floating Button <1.0.5 - Path Traversal

CVE-2024-9146 MEDIUM

James Low CSS JS Files <1.5.0 - Path Traversal

CVE-2024-44016 HIGH

Podiant <= 1.1 - PHP Local File Inclusion via Path Traversal

Previous Page 98 of 366 Next

Details

Vulnerabilities 9,144

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy