Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-36

CWE-36

Absolute Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

126 vulnerabilities with CWE-36

CVE-2026-53698 MEDIUM

Silverpeas < 6.4.6 - Absolute Path Traversal

CVE-2026-10075 MEDIUM

Interinfo｜DreamMaker - Path Traversal

CVE-2026-10044 HIGH

ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/

CVE-2026-32997 HIGH

Veeam Backup And Replication < 13.0.1 - Absolute Path Traversal

CVE-2026-4782 MEDIUM

Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter

CVE-2026-32175 MEDIUM

.NET 10.0 < 10.0.8, 9.0 < 9.0.16, 8.0 < 8.0.27 - Path Traversal and Arbitrary File Write

CVE-2026-42315 HIGH

pyLoad: Path Traversal via Package Folder Name in set_package_data

CVE-2026-6418 MEDIUM

PaperCut NG/MF: Path Traversal in Shared Account Synchronization

CVE-2026-44029 MEDIUM

Nix 2.24.7-2.34.6 - Arbitrary File Write via Directory Traversal in nix-prefetch-url and nix store prefetch-file

CVE-2026-7217 MEDIUM

Deepractice PromptX Document File index.ts read_pdf absolute path traversal

CVE-2026-35465 HIGH

SecureDrop Client has path injection in read_gzip_header_filename()

CVE-2026-34515 HIGH

AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

CVE-2026-4373 HIGH

JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field

CVE-2026-0846 HIGH

nltk < 3.9.3 - Arbitrary File Read via filestring() Function

CVE-2026-2753 HIGH

Navtor NavBox 4.12.0.3 and 4.14.1.2 - Unauthenticated Absolute Path Traversal

CVE-2026-28414 HIGH

Gradio < 6.7.0 - Unauthenticated Absolute Path Traversal via Root-Relative Path Handling

CVE-2026-27117 MEDIUM

bit7z < 4.0.11 - Path Traversal and Arbitrary File Write via Archive Extraction

CVE-2026-26337 HIGH

Hyland Alfresco - Path Traversal & SSRF

CVE-2026-1330 HIGH

MeetingHub < 2025-12-10 - Unauthenticated Arbitrary File Read via Absolute Path Traversal

CVE-2026-1020 MEDIUM

Gotac Police Statistics Database System < 1.0.3 - Unauthenticated Absolute Path Traversal

CVE-2026-1018 HIGH

Gotac Police Statistics Database System < 1.0.2 - Unauthenticated Arbitrary File Read via Absolute Path Traversal

CVE-2026-20834 MEDIUM

Microsoft Windows Shell - Absolute Path Traversal Spoofing via Physical Attack

CVE-2025-68472 HIGH

MindsDB < 25.11.1 - Unauthenticated Path Traversal and Arbitrary File Read via File Upload API

CVE-2025-15237 MEDIUM

QOCA aim < 2.7.6 - Authenticated Absolute Path Traversal

CVE-2025-15236 MEDIUM

QOCA aim < 2.7.6 - Authenticated Absolute Path Traversal

Page 1 of 6 Next

Details

Vulnerabilities 126

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy