CWE-35: Path Traversal: '.../...//'
161 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-35 (page 3 of 4)
- CVE-2025-32950 MEDIUM CVSS 6.5 EG 6.5 2025-04-22
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix…
- CVE-2025-39467 HIGH CVSS 8.1 EG 9.8 2025-11-06
Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion. This issue affects Wanderland: from n/a through <= 1.7.1.
- CVE-2025-39470 HIGH CVSS 8.1 EG 8.1 2025-04-18
Path Traversal: '.../...//' vulnerability in ThimPress Ivy School ivy-school allows PHP Local File Inclusion. This issue affects Ivy School: from n/a through <= 1.6.0.
- CVE-2025-39475 HIGH CVSS 8.1 EG 8.1 2025-06-09
Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion. This issue affects Arlo: from n/a through <= 6.0.3.
- CVE-2025-39491 HIGH CVSS 8.1 EG 8.1 2025-05-16
Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision.
- CVE-2025-39492 HIGH CVSS 7.5 EG 7.5 2025-05-16
Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision.
- CVE-2025-39598 MEDIUM CVSS 4.9 EG 4.9 2025-04-16
Path Traversal: '.../...//' vulnerability in Quý Lê 91 Administrator Z administrator-z allows Path Traversal. This issue affects Administrator Z: from n/a through <= 2025.03.28.
- CVE-2025-40573 MEDIUM CVSS 4.4 EG 4.4 2025-05-13
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are ou…
- CVE-2025-41723 CRITICAL CVSS 9.8 EG 9.8 2025-10-22
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker can bypass the path restriction and upload files to arbitrary locations.
- CVE-2025-41736 HIGH CVSS 8.8 EG 8.8 2025-11-18
A low privileged remote attacker can upload a new or overwrite an existing python script by using a path traversal of the target filename in php resulting in a remote code execution.
- CVE-2025-42937 CRITICAL CVSS 9.8 EG 9.8 2025-10-14
SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality int…
- CVE-2025-43886 MEDIUM CVSS 4.4 EG 4.4 2025-09-10
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem ac…
- CVE-2025-43907 MEDIUM CVSS 6.5 EG 6.5 2025-10-07
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7…
- CVE-2025-46256 MEDIUM CVSS 6.4 EG 6.4 2026-01-07
Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10.
- CVE-2025-46441 MEDIUM CVSS 5.3 EG 5.3 2025-05-19
Path Traversal: '.../...//' vulnerability in ctltwp Section Widget section-widget allows Path Traversal. This issue affects Section Widget: from n/a through <= 3.3.1.
- CVE-2025-47176 HIGH CVSS 7.8 EG 7.8 2025-06-10
'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.
- CVE-2025-47636 HIGH CVSS 7.5 EG 7.5 2025-05-07
Path Traversal: '.../...//' vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion. This issue affects List category posts: from n/a through <= 0.91.0.
- CVE-2025-47649 HIGH CVSS 8.8 EG 8.8 2025-05-07
Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.9.
- CVE-2025-48081 MEDIUM CVSS 5.3 EG 5.3 2025-08-27
Path Traversal: '.../...//' vulnerability in Printeers Printeers Print & Ship allows Path Traversal. This issue affects Printeers Print & Ship: from n/a through 1.17.0.
- CVE-2025-48090 HIGH CVSS 8.1 EG 8.2 2025-11-06
Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion. This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5.
- CVE-2025-48317 HIGH CVSS 7.5 EG 7.5 2025-09-05
Path Traversal: '.../...//' vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay woocommerce-payment-gateway-for-saferpay allows Path Traversal. This issue affects WooCommerce Payment Gateway for Saferpay: from n/a throug…
- CVE-2025-49295 HIGH CVSS 8.1 EG 8.1 2025-06-09
Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion. This issue affects MediClinic: from n/a through <= 2.1.
- CVE-2025-49296 HIGH CVSS 8.1 EG 8.1 2025-06-09
Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion. This issue affects GrandPrix: from n/a through <= 1.6.
- CVE-2025-49297 HIGH CVSS 8.1 EG 8.1 2025-06-09
Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion. This issue affects Grill and Chow: from n/a through <= 1.6.
- CVE-2025-49451 HIGH CVSS 7.5 EG 7.5 2025-06-17
Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal. This issue affects Aeroscroll Gallery – Infinite Scroll …
- CVE-2025-4956 MEDIUM CVSS 4.3 EG 4.3 2025-08-30
Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal. This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.
- CVE-2025-52712 MEDIUM CVSS 4.2 EG 4.2 2025-08-14
Path Traversal: '.../...//' vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Path Traversal. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8.
- CVE-2025-52805 HIGH CVSS 7.5 EG 7.5 2025-07-04
Path Traversal: '.../...//' vulnerability in VaultDweller Leyka leyka allows PHP Local File Inclusion. This issue affects Leyka: from n/a through <= 3.32.1.
- CVE-2025-52810 HIGH CVSS 8.1 EG 8.1 2025-06-27
Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1.
- CVE-2025-52811 HIGH CVSS 8.1 EG 8.1 2025-06-27
Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion. This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a th…
- CVE-2025-53417 CRITICAL CVSS 9.3 EG 0.0 2025-08-05
DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability
- CVE-2025-53561 MEDIUM CVSS 6.5 EG 6.5 2025-08-20
Path Traversal: '.../...//' vulnerability in miniOrange Prevent files / folders access prevent-file-access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through <= 2.6.0.
- CVE-2025-53880 HIGH CVSS 8.7 EG 0.0 2025-10-30
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the end…
- CVE-2025-5454 MEDIUM CVSS 6.4 EG 6.4 2025-11-11
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the inst…
- CVE-2025-5598 CRITICAL CVSS 9.2 EG 0.0 2025-06-04
Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data. This issue affects airleader MASTER: 3.0046.
- CVE-2025-58380 LOW CVSS 2.3 EG 2.3 2026-02-03
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to dif…
- CVE-2025-58381 LOW CVSS 2.3 EG 2.3 2026-02-03
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directo…
- CVE-2025-58972 HIGH CVSS 7.2 EG 7.2 2025-11-06
Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal. This issue affects Barcode…
- CVE-2025-59099 HIGH CVSS 8.8 EG 0.0 2026-01-26
The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior a…
- CVE-2025-59793 CRITICAL CVSS 9.9 EG 9.9 2026-02-17
Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, wh…
- CVE-2025-64253 MEDIUM CVSS 4.9 EG 4.9 2025-12-16
Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal. This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1.
- CVE-2025-64676 HIGH CVSS 7.2 EG 7.2 2025-12-18
'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.
- CVE-2025-66004 MEDIUM CVSS 5.7 EG 5.7 2025-12-10
A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user. This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.
- CVE-2025-67914 HIGH CVSS 7.7 EG 7.5 2026-01-08
Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal. This issue affects VidMov: from n/a through <= 2.3.8.
- CVE-2025-68428 HIGH CVSS 7.5 EG 7.5 2026-01-05
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsaniti…
- CVE-2025-8051 MEDIUM CVSS 6.5 EG 6.5 2025-10-20
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.
- CVE-2025-8088 HIGH CVSS 8.8 EG 9.0 ⚠ KEV 2025-08-08
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov…
- CVE-2026-0205 MEDIUM CVSS 6.8 EG 6.8 2026-04-29
A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
- CVE-2026-0804 MEDIUM CVSS 6.7 EG 6.7 2026-05-12
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the inst…
- CVE-2026-1763 MEDIUM CVSS 4.6 EG 4.6 2026-02-10
Vulnerability in GE Vernova Enervista UR Setup on Windows. This issue affects Enervista: 8.6 and previous versions.