VYPR

CWE-35

Path Traversal: '.../...//'

Variant | Incomplete

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (119)

page 4 of 6
  • CVE-2024-47324 | High | Oct 5, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Path Traversal: '.../...//' vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin wp-timelines. This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through <= 3.6.7.

  • CVE-2022-3693 | High | Jan 13, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal. This issue affects FileOrbis File Management System: from unspecified before 10.6.3.

  • CVE-2022-2265 | High | Sep 21, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated path traversal vulnerability. This has been fixed in version 2.1.25.

  • CVE-2026-25705 | High | May 13, 2026
    risk 0.48 | cvss 8.4 | epss 0.00

    A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin`…

  • CVE-2025-58972 | High | Nov 6, 2025
    risk 0.47 | cvss 7.2 | epss 0.00

    Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal. This issue affects Barcode Scanner with Inventory & Order Manager:…

  • CVE-2023-7263 | High | Dec 28, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change. (Vulnerability ID: HWPSIRT-2023-53450) This vulnerability has been assigned a…

  • CVE-2024-27901 | High | Apr 9, 2024
    risk 0.47 | cvss 7.2 | epss 0.01

    SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by users and pass it through to the file APIs, thus causing a considerable impact on confidentiality, integrity and availability of the application.

  • CVE-2026-24464 | Medium | May 13, 2026
    risk 0.44 | cvss 6.8 | epss 0.01

    When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Software versions which have…

  • CVE-2026-0804 | Medium | May 12, 2026
    risk 0.44 | cvss 6.7 | epss 0.00

    An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications,…

  • CVE-2026-42274 | High | May 8, 2026
    risk 0.44 | cvss | epss 0.00

    Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3.…

  • CVE-2026-0205 | Medium | Apr 29, 2026
    risk 0.44 | cvss 6.8 | epss 0.00

    A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.

  • CVE-2025-20313 | Medium | Sep 24, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These…

  • CVE-2025-24908 | Medium | Apr 16, 2025
    risk 0.44 | cvss 6.8 | epss 0.00

    Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.…

  • CVE-2025-24907 | Medium | Apr 16, 2025
    risk 0.44 | cvss 6.8 | epss 0.00

    Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.…

  • CVE-2025-26876 | Medium | Feb 25, 2025
    risk 0.44 | cvss 6.8 | epss 0.01

    Path Traversal: '.../...//' vulnerability in CodeManas Search with Typesense search-with-typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through <= 2.0.8.

  • CVE-2024-49770 | High | Nov 1, 2024
    risk 0.43 | cvss | epss 0.01

    `oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by…

  • CVE-2026-49112 | High | Jun 15, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.

  • CVE-2025-46256 | Medium | Jan 7, 2026
    risk 0.42 | cvss 6.4 | epss 0.00

    Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10.

  • CVE-2025-28973 | Medium | Dec 31, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress pro-watermark allows Path Traversal. This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through <= 2.0.

  • CVE-2025-53561 | Medium | Aug 20, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Path Traversal: '.../...//' vulnerability in miniOrange Prevent files / folders access prevent-file-access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through <= 2.6.0.