CWE-35 · Path Traversal: '.../...//'

170 CVEs classified under CWE-35 (Path Traversal: '.../...//'). Browse by severity and year.

Top CVEs for CWE-35
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-24786 | Critical | 10.0 | 2025-02-06 | WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traver… |
| CVE-2026-45661 | Critical | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that al… |
| CVE-2025-59793 | Critical | 9.9 | 2026-02-17 | Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. H… |
| CVE-2026-6074 | Critical | 9.8 | 2026-04-23 | Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs dow… |
| CVE-2025-41723 | Critical | 9.8 | 2025-10-22 | The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to ar… |
| CVE-2025-42937 | Critical | 9.8 | 2025-10-14 | SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent… |
| CVE-2025-30515 | Critical | 9.8 | 2025-06-09 | CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system. |
| CVE-2024-39171 | Critical | 9.8 | 2024-07-09 | Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statemen… |
| CVE-2018-3744 | Critical | 9.8 | 2018-05-29 | The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL. |
| CVE-2026-52703 | Critical | 9.6 | 2026-06-15 | Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. |
| CVE-2024-56045 | Critical | 9.3 | 2024-12-31 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5. |
| CVE-2024-40505 | Critical | 9.3 | 2024-07-16 | Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. |
| CVE-2023-39916 | Critical | 9.3 | 2023-09-13 | NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the op… |
| CVE-2026-7302 | Critical | 9.1 | 2026-05-18 | SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere… |
| CVE-2020-27130 | Critical | 9.1 | 2020-11-17 | A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to… |
| CVE-2026-40128 | Critical | 9.0 | 2026-06-09 | SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusio… |
| CVE-2026-42661 | High | 8.8 | 2026-06-15 | Custom role Path Traversal in WP Customer Area <= 8.3.4 versions. |
| CVE-2026-45495 | High | 8.8 | 2026-05-18 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2026-20034 | High | 8.8 | 2026-05-06 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an a… |
| CVE-2025-41736 | High | 8.8 | 2025-11-18 | A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a… |