CWE-41
23 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-41
- CVE-2022-0855 | MEDIUM | CVSS 6.1 | EG 6.1 | 2022-03-04
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.
- CVE-2023-36396 | HIGH | CVSS 7.8 | EG 7.8 | 2023-11-14
Windows Compressed Folder Remote Code Execution Vulnerability
- CVE-2023-46169 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-03-07
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily delete a file. IBM X-Force ID: 269406.
- CVE-2024-30036 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-05-14
Windows Deployment Services Information Disclosure Vulnerability
- CVE-2024-30073 | HIGH | CVSS 7.8 | EG 7.8 | 2024-09-10
Windows Security Zone Mapping Security Feature Bypass Vulnerability
- CVE-2024-45405 | MEDIUM | CVSS 6.0 | EG 6.0 | 2024-09-06
`gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a configuration file associated with the …
- CVE-2024-6839 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-03-20
corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being a…
- CVE-2024-8765 | HIGH | CVSS 7.3 | EG 7.3 | 2025-03-20
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to a…
- CVE-2025-0115 | MEDIUM | CVSS 6.8 | EG 0.0 | 2025-03-12
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and succe…
- CVE-2025-21189 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-14
MapUrlToZone Security Feature Bypass Vulnerability
- CVE-2025-21219 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-14
MapUrlToZone Security Feature Bypass Vulnerability
- CVE-2025-21247 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-11
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2025-21268 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-14
MapUrlToZone Security Feature Bypass Vulnerability
- CVE-2025-21269 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-14
Windows HTML Platforms Security Feature Bypass Vulnerability
- CVE-2025-21328 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-14
MapUrlToZone Security Feature Bypass Vulnerability
- CVE-2025-21329 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-14
MapUrlToZone Security Feature Bypass Vulnerability
- CVE-2025-21332 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-14
MapUrlToZone Security Feature Bypass Vulnerability
- CVE-2025-24470 | HIGH | CVSS 8.6 | EG 8.6 | 2025-02-11
An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.
- CVE-2025-43298 | HIGH | CVSS 7.8 | EG 7.8 | 2025-09-15
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
- CVE-2025-54107 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-09-09
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2025-58290 | LOW | CVSS 3.3 | EG 3.3 | 2025-10-11
Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.
- CVE-2026-34510 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-01
OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file tar…
- CVE-2026-5816 | HIGH | CVSS 8.0 | EG 8.0 | 2026-04-22
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to imp…