Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-36

CWE-36

Absolute Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

117 vulnerabilities with CWE-36

CVE-2026-7217 MEDIUM

Deepractice PromptX Document File index.ts read_pdf absolute path traversal

CVE-2026-35465 HIGH

SecureDrop Client has path injection in read_gzip_header_filename()

CVE-2026-34515 HIGH

AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

CVE-2026-4373 HIGH

JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field

CVE-2026-0846 HIGH

nltk 3.9.2 - Path Traversal

CVE-2026-2753 HIGH

Navtor NavBox - Path Traversal

CVE-2026-28414 HIGH

Gradio <6.7 - Path Traversal

CVE-2026-27117 MEDIUM

bit7z <4.0.11 - Path Traversal

CVE-2026-26337 HIGH

Hyland Alfresco - Path Traversal & SSRF

CVE-2026-1330 HIGH

MeetingHub - Path Traversal

CVE-2026-1020 MEDIUM

Gotac Police Statistics Database System - Absolute Path Traversal

CVE-2026-1018 HIGH

Gotac Police Statistics Database System - Absolute Path Traversal

CVE-2026-20834 MEDIUM

Microsoft Windows Shell - Absolute Path Traversal Spoofing via Physical Attack

CVE-2025-68472 HIGH

Mindsdb < 25.11.1 - Path Traversal

CVE-2025-15237 MEDIUM

Quantatw Qoca Aim < 2.7.6 - Absolute Path Traversal

CVE-2025-15236 MEDIUM

Quantatw Qoca Aim < 2.7.6 - Absolute Path Traversal

CVE-2025-15227 HIGH

Welltend Bpmflowwebkit < 5.0.5 - Path Traversal

CVE-2025-14848 MEDIUM

Advantech Webaccess/scada - Absolute Path Traversal

CVE-2025-67898 MEDIUM

NPM Mjml - Absolute Path Traversal

CVE-2025-34392 CRITICAL

Barracuda Rmm < 2025.1.1 - Absolute Path Traversal

CVE-2025-14253 MEDIUM

Vitals ESP - Path Traversal

CVE-2025-36357 HIGH

IBM Planning Analytics Local < 2.1.15 - Absolute Path Traversal

CVE-2025-13283 HIGH

CHT Tenderdoctransfer < 0.41.159 - Absolute Path Traversal

CVE-2025-13282 HIGH

CHT Tenderdoctransfer < 0.41.159 - Absolute Path Traversal

CVE-2025-7846 HIGH

WordPress User Extra Fields <16.7 - Privilege Escalation

Page 1 of 5 Next

Details

Vulnerabilities 117

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy