Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-29

CWE-29

Path Traversal: '\..\filename'

Parent: CWE-23 - Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.

64 vulnerabilities with CWE-29

CVE-2024-7774 CRITICAL

langchain.js < 0.2.19 - Path Traversal via getFullPath Method

CVE-2024-6394 HIGH

parisneo/lollms-webui <9.8 - Path Traversal

CVE-2024-6396 CRITICAL

Aim 3.19.3 - Arbitrary File Overwrite via _backup_run Parameters

CVE-2024-5926 CRITICAL

stitionai devika - Path Traversal and Denial of Service via Project-Name Parameter

CVE-2024-6139 HIGH

parisneo/lollms <9.6 - Path Traversal

CVE-2024-4841 LOW

lollms-webui v9.6-latest - Path Traversal via add_reference_to_local_model Endpoint

CVE-2024-5443 CRITICAL

lollms < 9.5.1 - Path Traversal and Remote Code Execution via ExtensionBuilder Mount Endpoint

CVE-2024-21518 HIGH

OpenCart >= 4.0.0.0 - Path Traversal via Marketplace Installer Zip Slip

CVE-2024-5211 HIGH

AnythingLLM < 1.0.0 - Path Traversal and Arbitrary File Write via Custom Logo Upload

CVE-2024-4320 CRITICAL

lollms_web_ui - Remote Code Execution via Extension Install Name Parameter

CVE-2024-3429 CRITICAL

lollms < 9.6 - Path Traversal via Insufficient Input Sanitization

CVE-2024-2928 HIGH

MLflow < 2.11.3 - Path Traversal

CVE-2024-2624 CRITICAL

parisneo/lollms-webui - Path Traversal

CVE-2024-2360 CRITICAL

lollms_web_ui - Path Traversal and Remote Code Execution via Database and PDF LaTeX Path Settings

CVE-2024-2914 HIGH

deepjavalibrary/djl <0.27.0 - Path Traversal

CVE-2024-2178 HIGH

parisneo/lollms-webui - Path Traversal

CVE-2024-4322 HIGH

lollms_web_ui < 9.8 - Path Traversal via /list_personalities Endpoint Category Parameter

CVE-2024-3848 HIGH

MLflow < 2.12.1 - Path Traversal via URL Fragment Bypass

CVE-2024-3435 HIGH

lollms_web_ui < 9.5 - Path Traversal and Remote Code Execution via Config Parameter in Save Settings Endpoint

CVE-2024-2361 CRITICAL

lollms_web_ui < 9.5 - Path Traversal and Arbitrary File Upload via install_model() Function

CVE-2024-2358 CRITICAL

lollms_web_ui < 9.5 - Path Traversal and Remote Code Execution via Extensions Parameter

CVE-2024-34470 HIGH

HSC Mailinspector <5.2.18 - Path Traversal

CVE-2024-3573 CRITICAL

MLflow < 2.10.0 - Local File Inclusion via URI Scheme Parsing Bypass

CVE-2024-2083 CRITICAL

zenml < 0.55.5 - Path Traversal via /api/v1/steps Logs URI Parameter

CVE-2024-1561 HIGH

gradio-app/gradio - Info Disclosure

Previous Page 2 of 3 Next

Details

Vulnerabilities 64

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy