CWE-36 · Absolute Path Traversal
127 CVEs classified under CWE-36 (Absolute Path Traversal). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-51549 | Critical | 10.0 | 2024-12-05 | Absolute File Traversal vulnerabilities allow access and modification of unintended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXU… |
| CVE-2023-3765 | Critical | 10.0 | 2023-07-19 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. |
| CVE-2022-24877 | Critical | 9.9 | 2022-05-06 | Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` all… |
| CVE-2025-34392 | Critical | 9.8 | 2025-12-10 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL tha… |
| CVE-2025-0851 | Critical | 9.8 | 2025-01-29 | A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary location… |
| CVE-2024-13161 | Critical | 9.8 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated at… |
| CVE-2024-13160 | Critical | 9.8 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated at… |
| CVE-2024-13159 | Critical | 9.8 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated at… |
| CVE-2024-10811 | Critical | 9.8 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated at… |
| CVE-2024-9924 | Critical | 9.8 | 2024-10-14 | The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can dow… |
| CVE-2024-20401 | Critical | 9.8 | 2024-07-17 | A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwri… |
| CVE-2024-10833 | Critical | 9.1 | 2025-03-20 | eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is suscep… |
| CVE-2024-10831 | Critical | 9.1 | 2025-03-20 | In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to uploa… |
| CVE-2024-47883 | Critical | 9.1 | 2024-10-24 | The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer t… |
| CVE-2024-2362 | Critical | 9.1 | 2024-06-06 | A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Window… |
| CVE-2025-7846 | High | 8.8 | 2025-10-31 | The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields() fun… |
| CVE-2025-57790 | High | 8.8 | 2025-08-20 | A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulner… |
| CVE-2025-6381 | High | 8.8 | 2025-06-28 | The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file… |
| CVE-2024-8501 | High | 8.8 | 2025-03-20 | An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user t… |
| CVE-2024-29053 | High | 8.8 | 2024-04-09 | Microsoft Defender for IoT Remote Code Execution Vulnerability |