Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-36

CWE-36

Absolute Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

126 vulnerabilities with CWE-36

CVE-2025-15227 HIGH

bpmflowwebkit < 5.0.5 - Unauthenticated Arbitrary File Read via Absolute Path Traversal

CVE-2025-14848 MEDIUM

Advantech WebAccess/SCADA - Absolute Path Traversal

CVE-2025-67898 MEDIUM

MJML < 4.18.0 - Directory Traversal and Arbitrary File Read via mj-include

CVE-2025-34392 CRITICAL

Barracuda RMM < 2025.1.1 - Absolute Path Traversal and Remote Code Execution via WSDL URL

CVE-2025-14253 MEDIUM

Vitals ESP - Path Traversal

CVE-2025-36357 HIGH

IBM Planning Analytics Local 2.1.0-2.1.14 - Authenticated Absolute Path Traversal

CVE-2025-13283 HIGH

TenderDocTransfer < 0.41.159 - Unauthenticated Arbitrary File Copy and Paste via API

CVE-2025-13282 HIGH

TenderDocTransfer < 0.41.159 - Unauthenticated Arbitrary File Deletion via API

CVE-2025-7846 HIGH

WordPress User Extra Fields <16.7 - Privilege Escalation

CVE-2025-8575 HIGH

LWS Cleaner <2.4.1.3 - Privilege Escalation

CVE-2025-9518 HIGH

Atec Debug <1.2.22 - Privilege Escalation

CVE-2025-9516 MEDIUM

Atec Debug <1.2.22 - Info Disclosure

CVE-2025-9259 MEDIUM

WebITR < 2.1.0.33 - Authenticated Absolute Path Traversal

CVE-2025-9258 MEDIUM

Uniong WebITR < 2.1.0.33 - Authenticated Arbitrary File Read via Absolute Path Traversal

CVE-2025-9257 MEDIUM

Uniong WebITR < 2.1.0.33 - Authenticated Absolute Path Traversal

CVE-2025-9256 MEDIUM

WebITR < 2.1.0.33 - Authenticated Arbitrary File Read via Absolute Path Traversal

CVE-2025-57790 HIGH

Commvault < 11.36.60 - Path Traversal and Remote Code Execution

CVE-2025-8912 HIGH

WellChoose Organization Portal System < IFTOP_P3_2_1_197 - Arbitrary File Read via Path Traversal

CVE-2025-8909 MEDIUM

WellChoose Organization Portal System < IFTOP_P3_2_1_197 - Authenticated Arbitrary File Read via Absolute Path Traversal

CVE-2025-8213 HIGH

NinjaScanner <= 3.2.5 - Authenticated Arbitrary File Deletion

CVE-2025-53079 MEDIUM

Samsung Data Management Server Firmware 2.0.0-2.3.13.1 - Authenticated Absolute Path Traversal

CVE-2025-8009 MEDIUM

Security Ninja - WordPress Security Plugin & Firewall <5.243 - Info...

CVE-2025-53651 MEDIUM

Jenkins HTML Publisher Plugin <425 - Info Disclosure

CVE-2025-53392 MEDIUM

pfSense 2.8.0 - Authenticated Absolute Path Traversal via diag_command.php dlPath Parameter

CVE-2025-6381 HIGH

BeeTeam368 Extensions < 2.3.4 - Authenticated Directory Traversal via handle_remove_temp_file()

Previous Page 2 of 6 Next

Details

Vulnerabilities 126

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy