CWE-35 — Path Traversal: '.../...//'
161 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-35 (page 4 of 4)
- CVE-2026-20034 | HIGH | CVSS 8.8 | EG 8.8 | 2026-05-06
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-…
- CVE-2026-24464 | MEDIUM | CVSS 6.8 | EG 6.8 | 2026-05-13
When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. …
- CVE-2026-25705 | HIGH | CVSS 8.4 | EG 8.4 | 2026-05-13
A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEn…
- CVE-2026-28265 | MEDIUM | CVSS 4.4 | EG 4.4 | 2026-04-01
PowerStore contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.
- CVE-2026-42274 | HIGH | CVSS 7.8 | EG 7.8 | 2026-05-08
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments…
- CVE-2026-42930 | HIGH | CVSS 8.7 | EG 8.7 | 2026-05-13
When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS)…
- CVE-2026-44933 | HIGH | CVSS 7.8 | EG 7.8 | 2026-05-20
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed pa…
- CVE-2026-45495 | HIGH | CVSS 8.8 | EG 8.8 | 2026-05-18
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2026-45661 | CRITICAL | CVSS 9.9 | EG 9.9 | 2026-05-29
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during appli…
- CVE-2026-6074 | CRITICAL | CVSS 9.3 | EG 9.3 | 2026-04-23
Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read ar…
- CVE-2026-7302 | CRITICAL | CVSS 9.1 | EG 9.1 | 2026-05-18
SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload fi…