Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-35

CWE-35

Path Traversal: '.../...//'

Parent: CWE-23 - Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

169 vulnerabilities with CWE-35

CVE-2025-32950 MEDIUM

Jmix Framework 1.0.0-1.6.1 and 2.0.0-2.3.4 - Path Traversal via FileRef Parameter

CVE-2025-39470 HIGH

ThimPress Ivy School <1.6.0 - Path Traversal

CVE-2025-24908 MEDIUM

Hitachi Vantara Pentaho <10.2.0.2 - Path Traversal

CVE-2025-24907 MEDIUM

Hitachi Vantara Pentaho <10.2.0.2 - Path Traversal

CVE-2025-39598 MEDIUM

Quý Lê 91 Administrator Z <2025.03.28 - Path Traversal

CVE-2025-30966 MEDIUM

NotFound WPJobBoard - Path Traversal

CVE-2025-32585 HIGH

Trusty Plugins Shop Products Filter <1.2 - Path Traversal

CVE-2025-30014 HIGH

SAP Capital Yield Tax Management - Path Traversal

CVE-2025-30834 HIGH

Bit Apps Bit Assist <1.5.4 - Path Traversal

CVE-2025-26940 MEDIUM

NotFound Pie Register Premium <3.8.3.2 - Path Traversal

CVE-2025-27274 MEDIUM

NotFound GPX Viewer <2.2.11 - Path Traversal

CVE-2025-25122 HIGH

WizShop <= 3.0.2 - Path Traversal via '.../...//'

CVE-2025-26935 HIGH

WP Job Portal <= 2.2.8 - Path Traversal and Local File Inclusion via Dot-Slash Sequence

CVE-2025-26876 MEDIUM

CodeManas Search with Typesense <= 2.0.8 - Path Traversal via '.../...//'

CVE-2025-26357 MEDIUM

Q-Free MaxTime <= 2.11.0 - Authenticated Path Traversal via Crafted HTTP Requests

CVE-2025-26356 HIGH

Q-Free MaxTime <= 2.11.0 - Authenticated Path Traversal via setActive Endpoint

CVE-2025-26355 MEDIUM

Q-Free MaxTime <= 2.11.0 - Authenticated Path Traversal via Crafted HTTP Requests

CVE-2025-26354 HIGH

Q-Free MaxTime <= 2.11.0 - Authenticated Path Traversal via Database Copy Endpoint

CVE-2025-26353 MEDIUM

Q-Free MaxTime <= 2.11.0 - Authenticated Path Traversal via Crafted HTTP Requests

CVE-2025-26352 MEDIUM

Q-Free MaxTime <= 2.11.0 - Authenticated Path Traversal via Template Deletion Mechanism

CVE-2025-26351 MEDIUM

Q-Free MaxTime <= 2.11.0 - Authenticated Path Traversal via Template Download Mechanism

CVE-2025-24786 CRITICAL

clidey/whodb < 0.45.0 - Unauthenticated Path Traversal via Database File Path

CVE-2025-0858 MEDIUM

Certain Poly Devices - Path Traversal via Firmware Builds up to 8.2.1.0820

CVE-2025-22205 HIGH

Admiror Gallery <4.x - Path Traversal

CVE-2025-24685 HIGH

MORKVA Morkva UA Shipping <1.0.18 - Path Traversal

Previous Page 4 of 7 Next

Details

Vulnerabilities 169

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy