CWE-35
Path Traversal: '.../...//'
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (119)
Page 1 of 6

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6074 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 23, 2026 | Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended… |
| CVE-2025-59793 | | Cri | 0.64 | 9.9 | 0.01 | | Feb 17, 2026 | Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to… |
| CVE-2025-41723 | — | Cri | 0.64 | 9.8 | 0.01 | | Oct 22, 2025 | The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations. |
| CVE-2025-42937 | | Cri | 0.64 | 9.8 | 0.01 | | Oct 14, 2025 | SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality, integrity and availability of the… |
| CVE-2018-3744 | — | Cri | 0.64 | 9.8 | 0.02 | | May 29, 2018 | The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL. |
| CVE-2026-52703 | | Cri | 0.62 | 9.6 | 0.00 | | Jun 15, 2026 | Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. |
| CVE-2025-53417 | | Cri | 0.61 | — | 0.11 | | Aug 5, 2025 | DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability |
| CVE-2025-5598 | | Cri | 0.60 | — | 0.00 | | Jun 4, 2025 | Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data. This issue affects airleader MASTER: 3.0046. |
| CVE-2024-56045 | | Cri | 0.60 | 9.3 | 0.01 | | Dec 31, 2024 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal. This issue affects WPLMS: from n/a through < 1.9.9.5. |
| CVE-2026-40128 | | Cri | 0.59 | 9.0 | 0.00 | | Jun 9, 2026 | SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the… |
| CVE-2026-7302 | | Cri | 0.59 | 9.1 | 0.00 | | May 18, 2026 | SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints. |
| CVE-2026-42661 | | Hig | 0.57 | 8.8 | 0.00 | | Jun 15, 2026 | Custom role Path Traversal in WP Customer Area <= 8.3.4 versions. |
| CVE-2026-45661 | | Cri | 0.57 | 9.9 | 0.01 | | May 29, 2026 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with… |
| CVE-2026-45495 | | Hig | 0.57 | 8.8 | 0.01 | | May 18, 2026 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2026-42930 | | Hig | 0.57 | 8.7 | 0.00 | | May 13, 2026 | When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2026-20034 | | Hig | 0.57 | 8.8 | 0.01 | | May 6, 2026 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could… |
| CVE-2025-59099 | | Hig | 0.57 | — | 0.01 | | Jan 26, 2026 | The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible… |
| CVE-2025-53880 | — | Hig | 0.57 | — | 0.00 | | Oct 30, 2025 | A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is… |
| CVE-2025-47649 | | Hig | 0.57 | 8.8 | 0.00 | | May 7, 2025 | Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.9. |
| CVE-2024-49249 | | Hig | 0.56 | 8.6 | 0.01 | | Jan 7, 2025 | Path Traversal: '.../...//' vulnerability in SMSA Express SMSA Shipping smsa-shipping-official allows Path Traversal. This issue affects SMSA Shipping: from n/a through <= 2.3. |