Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-36

CWE-36

Absolute Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

126 vulnerabilities with CWE-36

CVE-2025-5927 HIGH

Everest Forms and Everest Forms Pro <= 1.9.4 - Unauthenticated Arbitrary File Deletion via delete_entry_files()

CVE-2025-4799 HIGH

WP-DownloadManager <= 1.68.10 - Authenticated Arbitrary File Deletion

CVE-2025-36574 HIGH

Dell Wyse Management Suite < 5.2 - Unauthenticated Absolute Path Traversal

CVE-2025-46822 HIGH

OsamaTaher Java-springboot-codebase - Path Traversal

CVE-2025-0001 MEDIUM

Abacus ERP <2024.210.16036-2022.105.15542 - Info Disclosure

CVE-2025-0851 CRITICAL

Ai.djl API < 0.31.1 - Path Traversal

CVE-2024-13945 MEDIUM

ABB ASPECT-Enterprise, NEXUS Series, MATRIX Series <= 3.* - Authenticated Absolute Path Traversal

CVE-2024-48850 HIGH

ABB ASPECT-Enterprise NEXUS Series MATRIX Series <= 3.08.03 - Absolute Path Traversal

CVE-2024-8501 HIGH

modelscope/agentscope <0.0.4 - Info Disclosure

CVE-2024-6854 HIGH

h2o 3.46.0 - Absolute Path Traversal via Model Export Endpoint

CVE-2024-12375 MEDIUM

automatic1111/stable-diffusion-webui git 82a973c - Absolute Path Traversal

CVE-2024-10833 CRITICAL

db-gpt < 0.6.2 - Arbitrary File Write via Knowledge API Filename Parameter

CVE-2024-10831 CRITICAL

db-gpt 0.6.0 - Absolute Path Traversal via File Upload Endpoint

CVE-2024-10047 MEDIUM

parisneo/lollms-webui <latest - Path Traversal

CVE-2024-48248 HIGH KEV

NAKIVO Backup & Replication < 11.0.0.88174 - Absolute Path Traversal via getImageByPath

CVE-2024-6097 MEDIUM

Progress Telerik Reporting < 19.0.25.211 - Local Path Traversal via Absolute Path

CVE-2024-57966 MEDIUM

KDE ark < 24.12.0 - Absolute Path Traversal via Archive Extraction

CVE-2024-13161 CRITICAL KEV

Ivanti Endpoint Manager < 2022 - Unauthenticated Absolute Path Traversal

CVE-2024-13160 CRITICAL KEV

Ivanti Endpoint Manager < 2022 SU6 - Unauthenticated Absolute Path Traversal

CVE-2024-13159 CRITICAL KEV

Ivanti Endpoint Manager < 2022 - Unauthenticated Absolute Path Traversal

CVE-2024-10811 CRITICAL

Ivanti Endpoint Manager < 2022 SU6 - Unauthenticated Path Traversal

CVE-2024-56321 LOW

GoCD 18.9.0-24.4.0 - Authenticated Arbitrary Script Execution via Backup Configuration Post-Backup Script

CVE-2024-12646 HIGH

Chunghwa Telecom topm-client - Path Traversal

CVE-2024-12644 HIGH

Chunghwa Telecom tbm-client - CSRF & Path Traversal

CVE-2024-12643 HIGH

Chunghwa Telecom tbm-client - Path Traversal

Previous Page 3 of 6 Next

Details

Vulnerabilities 126

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy