CWE-35
Path Traversal: '.../...//'
Description
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (119)
page 4 of 6

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47324 | | Hig | 0.49 | 7.5 | 0.01 | | Oct 5, 2024 | Path Traversal: '.../...//' vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin wp-timelines. This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through <= 3.6.7. |
| CVE-2022-3693 | | Hig | 0.49 | 7.5 | 0.01 | | Jan 13, 2023 | Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal. This issue affects FileOrbis File Management System: from unspecified before 10.6.3. |
| CVE-2022-2265 | | Hig | 0.49 | 7.5 | 0.01 | | Sep 21, 2022 | The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25 |
| CVE-2026-25705 | | Hig | 0.48 | 8.4 | 0.00 | | May 13, 2026 | A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin`… |
| CVE-2025-58972 | | Hig | 0.47 | 7.2 | 0.00 | | Nov 6, 2025 | Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal. This issue affects Barcode Scanner with Inventory & Order Manager:… |
| CVE-2023-7263 | | Hig | 0.47 | 7.3 | 0.00 | | Dec 28, 2024 | Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change. (Vulnerability ID: HWPSIRT-2023-53450) This vulnerability has been assigned a… |
| CVE-2024-27901 | | Hig | 0.47 | 7.2 | 0.01 | | Apr 9, 2024 | SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application. |
| CVE-2026-24464 | — | Med | 0.44 | 6.8 | 0.01 | | May 13, 2026 | When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Software versions which have… |
| CVE-2026-0804 | | Med | 0.44 | 6.7 | 0.00 | | May 12, 2026 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications,… |
| CVE-2026-42274 | | Hig | 0.44 | — | 0.00 | | May 8, 2026 | Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3.… |
| CVE-2026-0205 | | Med | 0.44 | 6.8 | 0.00 | | Apr 29, 2026 | A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services. |
| CVE-2025-20313 | | Med | 0.44 | 6.7 | 0.00 | | Sep 24, 2025 | Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These… |
| CVE-2025-24908 | | Med | 0.44 | 6.8 | 0.00 | | Apr 16, 2025 | Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.… |
| CVE-2025-24907 | | Med | 0.44 | 6.8 | 0.00 | | Apr 16, 2025 | Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.… |
| CVE-2025-26876 | | Med | 0.44 | 6.8 | 0.01 | | Feb 25, 2025 | Path Traversal: '.../...//' vulnerability in CodeManas Search with Typesense search-with-typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through <= 2.0.8. |
| CVE-2024-49770 | | Hig | 0.43 | — | 0.01 | | Nov 1, 2024 | `oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by… |
| CVE-2026-49112 | | Hig | 0.42 | 7.5 | 0.00 | | Jun 15, 2026 | Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions. |
| CVE-2025-46256 | | Med | 0.42 | 6.4 | 0.00 | | Jan 7, 2026 | Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10. |
| CVE-2025-28973 | | Med | 0.42 | 6.5 | 0.00 | | Dec 31, 2025 | Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress pro-watermark allows Path Traversal. This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through <= 2.0. |
| CVE-2025-53561 | | Med | 0.42 | 6.5 | 0.00 | | Aug 20, 2025 | Path Traversal: '.../...//' vulnerability in miniOrange Prevent files / folders access prevent-file-access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through <= 2.6.0. |