CWE-35 · Path Traversal: '.../...//'
170 CVEs classified under CWE-35 (Path Traversal: '.../...//'). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-24786 | Critical | 10.0 | 2025-02-06 | WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traver… |
| CVE-2026-45661 | Critical | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that al… |
| CVE-2025-59793 | Critical | 9.9 | 2026-02-17 | Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. H… |
| CVE-2026-6074 | Critical | 9.8 | 2026-04-23 | Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs dow… |
| CVE-2025-41723 | Critical | 9.8 | 2025-10-22 | The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to ar… |
| CVE-2025-42937 | Critical | 9.8 | 2025-10-14 | SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent… |
| CVE-2025-30515 | Critical | 9.8 | 2025-06-09 | CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system. |
| CVE-2024-39171 | Critical | 9.8 | 2024-07-09 | Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statemen… |
| CVE-2018-3744 | Critical | 9.8 | 2018-05-29 | The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL. |
| CVE-2026-52703 | Critical | 9.6 | 2026-06-15 | Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. |
| CVE-2024-56045 | Critical | 9.3 | 2024-12-31 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal. This issue affects WPLMS: from n/a through < 1.9.9.5. |
| CVE-2024-40505 | Critical | 9.3 | 2024-07-16 | Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. |
| CVE-2023-39916 | Critical | 9.3 | 2023-09-13 | NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the op… |
| CVE-2026-7302 | Critical | 9.1 | 2026-05-18 | SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere… |
| CVE-2020-27130 | Critical | 9.1 | 2020-11-17 | A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to… |
| CVE-2026-40128 | Critical | 9.0 | 2026-06-09 | SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusio… |
| CVE-2026-42661 | High | 8.8 | 2026-06-15 | Custom role Path Traversal in WP Customer Area <= 8.3.4 versions. |
| CVE-2026-45495 | High | 8.8 | 2026-05-18 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2026-20034 | High | 8.8 | 2026-05-06 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an a… |
| CVE-2025-41736 | High | 8.8 | 2025-11-18 | A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a… |