CWE-35
Path Traversal: '.../...//'
Abstraction: Variant
Status: Incomplete
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. The sequence matters because of how naive filters behave: if a sanitizer removes '../' in a single, non-recursive pass, the two '../' substrings inside '.../...//' are deleted and the characters left behind spell exactly '../', so the filter manufactures the traversal it was meant to block. The reliable defense is not a better pattern blocklist but canonicalizing the final path (collapsing '..' and resolving symlinks) and then verifying that it still lies under the intended base directory.
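The mechanism, as an added worked example that is not part of the CWE entry or of any product listed on this page: a one-pass removal of '../' turns '.../...//' into '../', a recursive strip closes only that particular hole, and canonicalize-then-check-containment is the fix that does not depend on guessing patterns. `BASE_DIR`, the function names and the attacker payload are all constructed for this example.

```python
import os
from typing import Optional

# Hypothetical restricted directory for this example (an assumption, not from the CWE text).
BASE_DIR = "/srv/app/uploads"


def naive_strip_once(user_path: str) -> str:
    """The anti-pattern CWE-35 describes: one non-recursive pass removing '../'.

    str.replace deletes non-overlapping matches in a single pass, so
    '.../...//' loses two '../' substrings and the survivors spell '../'.
    """
    return user_path.replace("../", "")


def strip_until_stable(user_path: str) -> str:
    """Recursive variant: strip '../' until the string stops changing.

    This closes the '.../...//' hole but is still a blocklist: it knows nothing
    about absolute paths, backslashes on Windows or symlinks, so it is shown
    for comparison rather than as the fix.
    """
    prev = None
    while prev != user_path:
        prev, user_path = user_path, user_path.replace("../", "")
    return user_path


def vulnerable_join(base: str, user_path: str) -> str:
    """What the vulnerable product effectively computes: strip once, join, normalize, open."""
    return os.path.normpath(os.path.join(base, naive_strip_once(user_path)))


def resolve_within(base: str, user_path: str) -> Optional[str]:
    """Canonicalize, then check containment; do not try to sanitize the string.

    os.path.join discards `base` when `user_path` is absolute, and realpath
    collapses '..' and follows symlinks, so the only question that matters is
    whether the final target still lies under the canonical base.
    Returns the canonical path, or None if it escapes the base.
    """
    root = os.path.realpath(base)
    target = os.path.realpath(os.path.join(root, user_path))
    if os.path.commonpath([root, target]) != root:
        return None
    return target


def open_from_uploads(user_path: str, sanitizer) -> Optional[str]:
    """Mimic an endpoint that first 'sanitizes' and only then joins to BASE_DIR."""
    return resolve_within(BASE_DIR, sanitizer(user_path))


if __name__ == "__main__":
    # Constructed attacker input: three '.../...//' units in front of the target name.
    payload = ".../...//" * 3 + "etc/passwd"
    print(naive_strip_once(payload))                 # ../../../etc/passwd
    print(strip_until_stable(payload))               # etc/passwd
    print(vulnerable_join(BASE_DIR, payload))        # /etc/passwd  (escaped)
    print(open_from_uploads(payload, naive_strip_once))   # None  (containment check catches it)
    print(resolve_within(BASE_DIR, "reports/2024.pdf"))   # stays under BASE_DIR
```

Note that the raw payload on its own is harmless to `resolve_within`: '...' is an ordinary file name, so without any stripping the path stays inside the base directory. It is the single-pass sanitizer that creates the '../' components, which is why the check must run on the final canonical path rather than on the input string.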
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (96 in total; page 1 of 5, showing the 20 highest-ranked)

Columns: Severity and Risk are this page's own ratings; CVSS shows n/a where no base score was listed; EPSS is the exploit-probability score; a blank KEV cell means the entry carried no Known Exploited Vulnerability flag. Most descriptions below describe generic path traversal; only the entries that quote the CWE title name the '.../...//' pattern explicitly.

| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59793 | Critical | 0.64 | 9.9 | 0.01 | | Feb 17, 2026 | Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution. |
| CVE-2025-41723 | Critical | 0.64 | 9.8 | 0.00 | | Oct 22, 2025 | The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations. |
| CVE-2025-42937 | Critical | 0.64 | 9.8 | 0.00 | | Oct 14, 2025 | SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files, causing high impact on confidentiality, integrity and availability of the application. |
| CVE-2025-53417 | Critical | 0.61 | n/a | 0.01 | | Aug 5, 2025 | DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability |
| CVE-2026-6074 | Critical | 0.60 | n/a | 0.00 | | Apr 23, 2026 | Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory. |
| CVE-2025-5598 | Critical | 0.60 | n/a | 0.01 | | Jun 4, 2025 | Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data. This issue affects airleader MASTER: 3.0046. |
| CVE-2024-56045 | Critical | 0.60 | 9.3 | 0.00 | | Dec 31, 2024 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal. This issue affects WPLMS: from n/a through < 1.9.9.5. |
| CVE-2026-42930 | High | 0.57 | 8.7 | 0.00 | | May 13, 2026 | When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2026-20034 | High | 0.57 | 8.8 | 0.00 | | May 6, 2026 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. |
| CVE-2025-59099 | High | 0.57 | n/a | 0.00 | | Jan 26, 2026 | The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible to retrieve all files stored on the file system, including the SQLite database Database.sq3, containing badge information and the corresponding PIN codes. Additionally, when trying to access certain files, the web server crashes and becomes unreachable for about 60 seconds. This can be abused by continuously sending the request to cause a denial of service. |
| CVE-2025-53880 | High | 0.57 | n/a | 0.00 | | Oct 30, 2025 | A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses. |
| CVE-2025-47649 | High | 0.57 | 8.8 | 0.00 | | May 7, 2025 | Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.9. |
| CVE-2024-49249 | High | 0.56 | 8.6 | 0.00 | | Jan 7, 2025 | Path Traversal: '.../...//' vulnerability in SMSA Express SMSA Shipping smsa-shipping-official allows Path Traversal. This issue affects SMSA Shipping: from n/a through <= 2.3. |
| CVE-2024-52447 | High | 0.56 | 8.6 | 0.00 | | Nov 20, 2024 | Path Traversal: '.../...//' vulnerability in corporatezen222 Contact Page With Google Map contact-page-with-google-map allows Path Traversal. This issue affects Contact Page With Google Map: from n/a through <= 1.6.1. |
| CVE-2026-25705 | High | 0.55 | 8.4 | 0.00 | | May 13, 2026 | A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: overwrite Rancher binaries or configuration to inject code; write to /var/lib/rancher/ to tamper with cluster state; if hostPath volumes are mounted, write to the host node filesystem; chain this issue with other attack vectors. |
| CVE-2024-56055 | High | 0.55 | 8.5 | 0.01 | | Dec 18, 2024 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal. This issue affects WPLMS: from n/a through < 1.9.9.5.2. |
| CVE-2024-56049 | High | 0.55 | 8.5 | 0.00 | | Dec 18, 2024 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal. This issue affects WPLMS: from n/a through < 1.9.9.5.2. |
| CVE-2024-56214 | High | 0.54 | 8.3 | 0.00 | | Dec 31, 2024 | Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal. This issue affects Userpro: from n/a through <= 5.1.9. |
| CVE-2025-48090 | High | 0.53 | 8.1 | 0.00 | | Nov 6, 2025 | Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion. This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5. |
| CVE-2025-39467 | High | 0.53 | 8.1 | 0.00 | | Nov 6, 2025 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion. This issue affects Wanderland: from n/a through <= 1.7.1. |