Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-23

CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

417 vulnerabilities with CWE-23

CVE-2024-5547 HIGH

stitionai devika - Directory Traversal via /api/download-project-pdf project_name Parameter

CVE-2024-37138 MEDIUM

Dell PowerProtect DD < 8.0, LTS < 7.13.1.0, LTS < 7.10.1.30, LTS < 7.7.5.40 - Relative Path Traversal

CVE-2024-3497 HIGH

Toshiba Tec e-Studio multi-function peripheral (MFP) - Path Traversal and Arbitrary File Write

CVE-2024-2461 MEDIUM

Hitachi Energy FOX61x and XMC20 - Path Traversal

CVE-2024-4330 LOW

lollms_web_ui 9.6 - Path Traversal via 'category' Parameter in 'list_personalities' Endpoint

CVE-2024-36362 MEDIUM

JetBrains TeamCity <2022.04.7-2024.03.2 - Path Traversal

CVE-2024-35186 HIGH

Crates.io Gix-worktree-state < 0.11.0 - Path Traversal

CVE-2024-33615 HIGH

CyberPower PowerPanel - Path Traversal

CVE-2024-30010 HIGH

Microsoft Windows Hyper-V - Remote Code Execution

CVE-2024-34712 MEDIUM

Oceanic.js < 1.10.4 - Path Traversal via Unencoded API Endpoint Input

CVE-2024-0549 HIGH

mintplex-labs/anything-llm - Path Traversal

CVE-2024-32005 HIGH

NiceGUI <1.4.21 - Local File Inclusion

CVE-2024-3025 CRITICAL

AnythingLLM < 1.0.0 - Path Traversal via Logo Filename Manipulation

CVE-2024-0335 HIGH

ABB Symphony Plus S+ Operations Relative Path Traversal in VPNI Feature

CVE-2024-20352 MEDIUM

Cisco Emergency Responder - Path Traversal

CVE-2024-20310 MEDIUM

Cisco Unified Communications Manager IM & Presence Service Stored XSS via Web Interface

CVE-2024-25944 MEDIUM

Dell OpenManage Enterprise < 4.0.1 - Unauthenticated Path Traversal

CVE-2024-2053 HIGH

Artica Proxy - Unauthenticated Arbitrary File Read via Local File Inclusion Bypass

CVE-2024-24578 CRITICAL

RaspberryMatic unauthenticated Remote Code Execution vulnerability through HMServer File Upload.

CVE-2024-27770 HIGH

Unitronics Unistream Unilogic <1.35.227 - Path Traversal

CVE-2024-22398 MEDIUM

SonicWall Email Security Appliance - Path Traversal

CVE-2024-2318 MEDIUM

ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028 - Path Traversal via Service Port 9999 File Download

CVE-2024-27199 HIGH KEV

TeamCity < 2023.11.4 - Authentication Bypass

CVE-2024-0550 MEDIUM

AnythingLLM < 1.0.0 - Authenticated Relative Path Traversal via Profile Picture API

CVE-2024-22226 LOW

Dell Unity Operating Environment < 5.4.0.0.5.094 - Authenticated Path Traversal via svc_supportassist Utility

Previous Page 10 of 17 Next

Details

Vulnerabilities 417

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy