CWE-36 · Absolute Path Traversal

127 CVEs classified under CWE-36 (Absolute Path Traversal). Browse by severity and year.

Top CVEs for CWE-36
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-51549 | Critical | 10.0 | 2024-12-05 | Absolute File Traversal vulnerabilities allow access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXU… |
| CVE-2023-3765 | Critical | 10.0 | 2023-07-19 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. |
| CVE-2022-24877 | Critical | 9.9 | 2022-05-06 | Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` all… |
| CVE-2025-34392 | Critical | 9.8 | 2025-12-10 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL tha… |
| CVE-2025-0851 | Critical | 9.8 | 2025-01-29 | A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary location… |
| CVE-2024-13161 | Critical | 9.8 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated at… |
| CVE-2024-13160 | Critical | 9.8 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated at… |
| CVE-2024-13159 | Critical | 9.8 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated at… |
| CVE-2024-10811 | Critical | 9.8 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated at… |
| CVE-2024-9924 | Critical | 9.8 | 2024-10-14 | The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can dow… |
| CVE-2024-20401 | Critical | 9.8 | 2024-07-17 | A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwri… |
| CVE-2024-10833 | Critical | 9.1 | 2025-03-20 | eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is suscep… |
| CVE-2024-10831 | Critical | 9.1 | 2025-03-20 | In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to uploa… |
| CVE-2024-47883 | Critical | 9.1 | 2024-10-24 | The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer t… |
| CVE-2024-2362 | Critical | 9.1 | 2024-06-06 | A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Window… |
| CVE-2025-7846 | High | 8.8 | 2025-10-31 | The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields() fun… |
| CVE-2025-57790 | High | 8.8 | 2025-08-20 | A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulner… |
| CVE-2025-6381 | High | 8.8 | 2025-06-28 | The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file… |
| CVE-2024-8501 | High | 8.8 | 2025-03-20 | An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user t… |
| CVE-2024-29053 | High | 8.8 | 2024-04-09 | Microsoft Defender for IoT Remote Code Execution Vulnerability |