Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-29

CWE-29

Path Traversal: '\..\filename'

Parent: CWE-23 - Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.

64 vulnerabilities with CWE-29

CVE-2026-10732 MEDIUM

Decompress - Path Traversal: '\..\filename'

CVE-2026-24217 HIGH

NVIDIA BioNeMo Framework < commit dfd83a7 on main - Path Traversal via Malicious File Loading

CVE-2026-5627 HIGH

Path Traversal in mintplex-labs/anything-llm

CVE-2026-30828 HIGH

wallos < 4.6.2 - Server-Side Request Forgery via URL Parameter

CVE-2025-15036 CRITICAL

Path Traversal Vulnerability in mlflow/mlflow

CVE-2025-66608 HIGH

Yokogawa FAST/TOOLS R9.01-R10.04 - Path Traversal via URL Validation Bypass

CVE-2025-12790 HIGH

Rubygem MQTT < 0.7.0 - Man-in-the-Middle via Missing Hostname Validation

CVE-2025-58291 LOW

HarmonyOS - Denial of Service in Office Service

CVE-2025-50185 HIGH

dbgate <= 6.6.0 - Authenticated Arbitrary File Read via CSV Plugin File Path

CVE-2025-50184 HIGH

DbGate <6.4.3-premium-beta.5 - Path Traversal

CVE-2025-6209 HIGH

run-llama/llama_index <0.12.27 - Path Traversal

CVE-2024-2356 CRITICAL

parisneo/lollms-webui < v9.5 - Unauthenticated Path Traversal and Remote Code Execution via reinstall_extension Endpoint

CVE-2024-8982 MEDIUM

OpenLLM 0.6.10 - Local File Inclusion

CVE-2024-8859 HIGH

MLflow 2.15.1 - Path Traversal and Arbitrary File Read via DBFS Service URL Handling

CVE-2024-8537 CRITICAL

modelscope/agentscope - Path Traversal

CVE-2024-8248 HIGH

mintplex-labs/anything-llm <1.2.2 - Path Traversal

CVE-2024-7957 CRITICAL

danswer-ai/danswer - Arbitrary File Overwrite via ZulipConnector load_credentials

CVE-2024-7033 HIGH

open-webui 0.3.8 - Arbitrary File Write via Download Model Endpoint

CVE-2024-12389 HIGH

binary-husky gpt_academic - Path Traversal and Arbitrary File Write via 7z Extraction

CVE-2024-11170 HIGH

librechat < 0.7.6 - Path Traversal and Arbitrary File Write via Multer Middleware

CVE-2024-10648 HIGH

Gradio - Path Traversal and Denial of Service via Audio Component Format Manipulation

CVE-2024-13059 HIGH

mintplex-labs/anything-llm <1.3.1 - Path Traversal

CVE-2024-51534 HIGH

Dell PowerProtect DD <8.3.0.0, 7.10.1.50, 7.13.1.20 - Path Traversal

CVE-2024-21542 HIGH

luigi < 3.6.0 - Arbitrary File Write via Archive Extraction

CVE-2024-7962 HIGH

gaizhenbiao/chuanhuchatgpt 20240628 - Arbitrary File Read via Insufficient Prompt Template Validation

Page 1 of 3 Next

Details

Vulnerabilities 64

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy