Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-36

CWE-36

Absolute Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

112 vulnerabilities with CWE-36

CVE-2026-2753 HIGH

Navtor NavBox - Path Traversal

CVE-2026-28414 HIGH

Gradio <6.7 - Path Traversal

CVE-2026-27117 MEDIUM

bit7z <4.0.11 - Path Traversal

CVE-2026-26337 HIGH

Hyland Alfresco - Path Traversal & SSRF

CVE-2026-1330 HIGH

MeetingHub - Path Traversal

CVE-2026-1020 MEDIUM

Gotac Police Statistics Database System - Absolute Path Traversal

CVE-2026-1018 HIGH

Gotac Police Statistics Database System - Absolute Path Traversal

CVE-2026-20834 MEDIUM

Windows Shell < unknown - Path Traversal

CVE-2025-68472 HIGH

Mindsdb < 25.11.1 - Path Traversal

CVE-2025-15237 MEDIUM

Quantatw Qoca Aim < 2.7.6 - Absolute Path Traversal

CVE-2025-15236 MEDIUM

Quantatw Qoca Aim < 2.7.6 - Absolute Path Traversal

CVE-2025-15227 HIGH

Welltend Bpmflowwebkit < 5.0.5 - Path Traversal

CVE-2025-14848 MEDIUM

Advantech Webaccess/scada - Absolute Path Traversal

CVE-2025-67898 MEDIUM

NPM Mjml - Absolute Path Traversal

CVE-2025-34392 CRITICAL

Barracuda Rmm < 2025.1.1 - Absolute Path Traversal

CVE-2025-14253 MEDIUM

Vitals ESP - Path Traversal

CVE-2025-36357 HIGH

IBM Planning Analytics Local < 2.1.15 - Absolute Path Traversal

CVE-2025-13283 HIGH

CHT Tenderdoctransfer < 0.41.159 - Absolute Path Traversal

CVE-2025-13282 HIGH

CHT Tenderdoctransfer < 0.41.159 - Absolute Path Traversal

CVE-2025-7846 HIGH

WordPress User Extra Fields <16.7 - Privilege Escalation

CVE-2025-8575 HIGH

LWS Cleaner <2.4.1.3 - Privilege Escalation

CVE-2025-9518 HIGH

Atec Debug <1.2.22 - Privilege Escalation

CVE-2025-9516 MEDIUM

Atec Debug <1.2.22 - Info Disclosure

CVE-2025-9259 MEDIUM

WebITR - Path Traversal

CVE-2025-9258 MEDIUM

WebITR - Path Traversal

Page 1 of 5 Next

Details

Vulnerabilities 112

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy