CVEbaza.plCWE DictionaryCWE-35
Common Weakness Enumeration

CWE-35

Path Traversal: '.../...//'

Category: VariantCVE: 170
Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

CVE vulnerabilities with CWE-35 (170)
10.0
CVSS
CRITICAL
CVE-2025-24786

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on. Affected versions of WhoDB allow users to connect to Sqlite3 databases. By default, the databases must be present in `/db/` (or alternatively `./tmp/` if development mode is enabled). If no databases are present in the default directory, the UI indicates that the user is unable to open any databases. The database file is an user-controlled value. This value is used in `.Join()` with the default directory, in order to get the full path of the database file to open. No checks are performed whether the database file that is eventually opened actually resides in the default directory `/db`. This allows an attacker to use path traversal (`../../`) in order to open any Sqlite3 database present on the system. This issue has been addressed in version 0.45.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

pub. 2025-02-06
9.9
CVSS
CRITICAL
CVE-2026-45661

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote server deployment feature, this vulnerability enables arbitrary file write to remote server filesystems, automatic remote code execution via cron jobs, complete server compromise, data exfiltration without user interaction, and persistent backdoor installation. This vulnerability bypasses all container isolation on remote server deployments.

pub. 2026-05-29
9.8
CVSS
CRITICAL
CVE-2025-41723

The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.

pub. 2025-10-22
9.8
CVSS
CRITICAL
CVE-2025-42937

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application.

pub. 2025-10-14
9.8
CVSS
CRITICAL
CVE-2024-39171

Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.

pub. 2024-07-09
9.8
CVSS
CRITICAL
CVE-2018-3744

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.

pub. 2018-05-29
9.6
CVSS
CRITICAL
CVE-2026-52703

Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.

pub. 2026-06-15
9.4
CVSS
CRITICAL
CVE-2025-59793

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.

pub. 2026-02-17
9.3
CVSS
CRITICAL
CVE-2026-6074

Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory.

pub. 2026-04-23
9.3
CVSS
CRITICAL
CVE-2025-53417

DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability

pub. 2025-08-05
9.3
CVSS
CRITICAL
CVE-2025-30515

CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.

pub. 2025-06-09
9.3
CVSS
CRITICAL
CVE-2024-56045

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.

pub. 2024-12-31
9.3
CVSS
CRITICAL
CVE-2024-40505

Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.

pub. 2024-07-16
9.3
CVSS
CRITICAL
CVE-2023-39916

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it.

pub. 2023-09-13
9.2
CVSS
CRITICAL
CVE-2025-68428

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.

pub. 2026-01-05
9.2
CVSS
CRITICAL
CVE-2025-5598

Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data.This issue affects airleader MASTER: 3.0046.

pub. 2025-06-04
9.2
CVSS
CRITICAL
CVE-2024-21575

ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some conditions, result in remote code execution (RCE).

pub. 2024-12-12
9.1
CVSS
CRITICAL
CVE-2026-7302

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.

pub. 2026-05-18
9.1
CVSS
CRITICAL
CVE-2020-27130

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.

pub. 2020-11-17
9.0
CVSS
CRITICAL
CVE-2026-40128

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable.

pub. 2026-06-09
Showing 20 of 170 vulnerabilities
Information
ID: CWE-35
Type: Variant
Vulnerabilities: 170
MITRE CWE ↗
← CWE Dictionary