Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-35

CWE-35

Path Traversal: '.../...//'

Parent: CWE-23 - Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

169 vulnerabilities with CWE-35

CVE-2024-47171 MEDIUM

agnai < 1.0.330 - Path Traversal and Arbitrary File Write via Image Upload

CVE-2024-47170 MEDIUM

agnai < 1.0.330 - Path Traversal via JSON Storage

CVE-2024-47169 HIGH

agnai < 1.0.330 - Unauthenticated Arbitrary File Write via Path Traversal

CVE-2024-0067 MEDIUM

AXIS OS - Path Traversal via VAPIX API ledlimit.cgi

CVE-2024-7608 MEDIUM

NX-EX-FX-AX-IVX-CMS - Path Traversal

CVE-2024-45190 MEDIUM

Mage AI - Path Traversal via Pipeline Interaction Request

CVE-2024-0113 HIGH

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC - Path Traversal via Web Support CGI URI

CVE-2024-40505 CRITICAL

D-Link DAP-1650 <v.1.03 - Path Traversal

CVE-2024-38706 MEDIUM

HasThemes HT Mega <2.5.7 - Path Traversal

CVE-2024-39171 CRITICAL

phpvibe 11.0.3-11.0.46 - Path Traversal and Remote Code Execution via .htaccess and PNG File Upload

CVE-2024-36991 HIGH

Splunk 9.0.0-9.0.9 - Path Traversal via /modules/messaging/ Endpoint

CVE-2024-5481 MEDIUM

Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated Path Traversal via esc_dir Function

CVE-2024-34191 MEDIUM

htmly 2.9.6 - Arbitrary File Deletion via delete_post() Function

CVE-2024-2654 MEDIUM

WordPress File Manager <7.2.5 - Path Traversal

CVE-2024-27901 HIGH

SAP Asset Accounting - Path Traversal

CVE-2024-2863 MEDIUM

LG LED Assistant - Thumbnail Path Traversal File Upload

CVE-2024-1886 LOW

LG webOS Signage - Path Traversal

CVE-2023-7263 HIGH

Huawei home music system - Path Traversal

CVE-2023-7300 HIGH

Huawei Home Music System - Path Traversal

CVE-2023-41793 MEDIUM

Pandora FMS 700-775 - Path Traversal and Arbitrary File Write

CVE-2023-5800 MEDIUM

AXIS OS < 11.8.61, 2020 < 9.80.55, 2022 < 10.12.220 - Authenticated RCE via VAPIX API

CVE-2023-46690 HIGH

Delta Electronics InfraSuite Device Master <1.0.7 - Code Injection

CVE-2023-5885 MEDIUM

Franklin Fueling Colibri Firmware - Unauthenticated Path Traversal

CVE-2023-6252 HIGH

Chameleon Power - Path Traversal via getImage Parameter

CVE-2023-21418 HIGH

AXIS OS < 6.50.5.15, < 11.7.57, < 8.40.35, < 9.80.49, < 10.12.213 - Path Traversal & File Deletion via VAPIX API

Previous Page 6 of 7 Next

Details

Vulnerabilities 169

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy