CWE-35
Path Traversal: '.../...//'
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (119)
Page 3 of 6

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-7300 | | Hig | 0.52 | 8.0 | 0.00 | | Dec 26, 2024 | Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed. (Vulnerability ID: HWPSIRT-2023-60613) |
| CVE-2026-44933 | — | Hig | 0.51 | 7.8 | 0.00 | | May 20, 2026 | `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like… |
| CVE-2025-67914 | | Hig | 0.50 | 7.7 | 0.00 | | Jan 8, 2026 | Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal. This issue affects VidMov: from n/a through <= 2.3.8. |
| CVE-2025-30014 | | Hig | 0.50 | 7.7 | 0.01 | | Apr 8, 2025 | SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don't have access to, hence causing a high impact on confidentiality. Integrity… |
| CVE-2024-54216 | | Hig | 0.50 | 7.7 | 0.01 | | Dec 6, 2024 | Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal. This issue affects ARForms: from n/a through <= 6.4.1. |
| CVE-2026-25397 | | Hig | 0.49 | 7.5 | 0.00 | | Mar 25, 2026 | Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal. This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4. |
| CVE-2025-48317 | | Hig | 0.49 | 7.5 | 0.00 | | Sep 5, 2025 | Path Traversal: '.../...//' vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay woocommerce-payment-gateway-for-saferpay allows Path Traversal. This issue affects WooCommerce Payment Gateway for Saferpay: from n/a through <= 0.4.9. |
| CVE-2025-52805 | | Hig | 0.49 | 7.5 | 0.00 | | Jul 4, 2025 | Path Traversal: '.../...//' vulnerability in VaultDweller Leyka leyka allows PHP Local File Inclusion. This issue affects Leyka: from n/a through <= 3.32.1. |
| CVE-2025-49451 | | Hig | 0.49 | 7.5 | 0.00 | | Jun 17, 2025 | Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal. This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo… |
| CVE-2025-39492 | | Hig | 0.49 | 7.5 | 0.00 | | May 16, 2025 | Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision. |
| CVE-2025-47636 | | Hig | 0.49 | 7.5 | 0.01 | | May 7, 2025 | Path Traversal: '.../...//' vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion. This issue affects List category posts: from n/a through <= 0.91.0. |
| CVE-2025-32585 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 11, 2025 | Path Traversal: '.../...//' vulnerability in Trusty Plugins Shop Products Filter trusty-woo-products-filter allows PHP Local File Inclusion. This issue affects Shop Products Filter: from n/a through <= 1.2. |
| CVE-2025-30834 | | Hig | 0.49 | 7.5 | 0.00 | | Apr 1, 2025 | Path Traversal: '.../...//' vulnerability in Bit Apps Bit Assist bit-assist allows Path Traversal. This issue affects Bit Assist: from n/a through <= 1.5.4. |
| CVE-2025-26935 | | Hig | 0.49 | 7.5 | 0.01 | | Feb 25, 2025 | Path Traversal: '.../...//' vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through <= 2.2.8. |
| CVE-2025-22786 | | Hig | 0.49 | 7.5 | 0.01 | | Jan 15, 2025 | Path Traversal: '.../...//' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows PHP Local File Inclusion. This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.2.6. |
| CVE-2024-21575 | | Hig | 0.49 | 8.6 | 0.01 | | Dec 12, 2024 | ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which… |
| CVE-2024-52498 | | Hig | 0.49 | 7.5 | 0.01 | | Nov 28, 2024 | Path Traversal: '.../...//' vulnerability in softpulseinfotech SP Blog Designer sp-blog-designer allows PHP Local File Inclusion. This issue affects SP Blog Designer: from n/a through <= 1.0.0. |
| CVE-2024-50054 | — | Hig | 0.49 | 7.5 | 0.01 | | Nov 22, 2024 | The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system. |
| CVE-2024-51582 | | Hig | 0.49 | 7.5 | 0.01 | | Nov 4, 2024 | Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows PHP Local File Inclusion. This issue affects WP Hotel Booking: from n/a through <= 2.2.9. |
| CVE-2024-45248 | — | Hig | 0.49 | 7.5 | 0.01 | | Oct 6, 2024 | Multi-DNC – CWE-35: Path Traversal: '.../...//' |