Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-36

CWE-36

Absolute Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

126 vulnerabilities with CWE-36

CVE-2024-51549 CRITICAL

ABB ASPECT <3.08.02, NEXUS Series <3.08.02, MATRIX Series <3.08.02 ...

CVE-2024-11978 HIGH

Interinfo DreamMaker < 2024/09/26 - Unauthenticated Path Traversal

CVE-2024-10651 MEDIUM

IDExpert 2.5-2.8 - Authenticated Absolute Path Traversal

CVE-2024-47883 CRITICAL

OpenRefine Butterfly < 1.2.6 - Path Traversal and Server-Side Request Forgery via file:/ URL

CVE-2024-20379 MEDIUM

Cisco Secure Firewall Management Center - Info Disclosure

CVE-2024-9924 CRITICAL

Hgiga OAKlouds < 1162 - Unauthenticated Absolute Path Traversal

CVE-2024-45291 MEDIUM

PhpSpreadsheet Image Embedding - File Read and Server-Side Request Forgery

CVE-2024-45290 HIGH

PHPSpreadsheet <1.29.2, >=2.2.0 <2.3.0 - Absolute Path Traversal via Crafted XLSX File

CVE-2024-8497 HIGH

Franklin Fueling Systems TS-550 EVO <2.26.4.8967 - Info Disclosure

CVE-2024-8778 MEDIUM

OMFLOW 1.1.6.0-1.2.1.2 - Path Traversal via Download Functionality

CVE-2024-7323 MEDIUM

Digiwin EasyFlow .NET < 6.6.17 - Path Traversal and Arbitrary File Read

CVE-2024-28806 HIGH

Italtel i-MCS NFV 12.1.0-20211215 - Unauthenticated Path Traversal and Arbitrary File Write

CVE-2024-20401 CRITICAL

Cisco Secure Email Gateway - File Overwrite

CVE-2024-6250 HIGH

parisneo/lollms-webui <9.6 - Path Traversal

CVE-2024-33620 HIGH

ID Link Manager/FUJITSU Software TIME CREATOR - Path Traversal

CVE-2024-4881 HIGH

lollms < 5.9.0 - Path Traversal via Backslash Handling in /user_infos Endpoint

CVE-2024-2548 HIGH

lollms_web_ui < 9.5 - Path Traversal via User Infos Endpoint

CVE-2024-2362 CRITICAL

lollms_web_ui 9.3 - Path Traversal and Arbitrary File Deletion via del_preset Endpoint

CVE-2024-29053 HIGH

Microsoft Defender for IoT < 24.1.3 - Remote Code Execution

CVE-2024-21323 HIGH

Microsoft Defender for IoT < 24.1.3 - Remote Code Execution

CVE-2024-1703 LOW

CRMEB 5.2.2 - Path Traversal via /adminapi/system/file/openfile

CVE-2023-41830 MEDIUM

Motorola Phones < 2023-12-01 - Unauthenticated Absolute Path Traversal

CVE-2023-50955 LOW

IBM InfoSphere Information Server 11.7 - Authenticated Path Traversal

CVE-2023-5390 MEDIUM

Honeywell ControlEdge Unit Operations Controller Firmware - Path Traversal

CVE-2023-30970 MEDIUM

Gotham Table service & Forward App - Path Traversal

Previous Page 4 of 6 Next

Details

Vulnerabilities 126

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy