CWE-26
12 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-26
- CVE-2021-34762 | HIGH | CVSS 8.1 | EG 8.1 | 2021-10-27
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would requi…
- CVE-2021-42021 | HIGH | CVSS 7.5 | EG 7.5 | 2021-11-09
A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 …
- CVE-2023-25802 | HIGH | CVSS 7.5 | EG 7.5 | 2023-03-13
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information…
- CVE-2023-50255 | CRITICAL | CVSS 9.3 | EG 9.3 | 2023-12-27
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening …
- CVE-2024-20345 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-03-06
A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient vali…
- CVE-2024-25466 | HIGH | CVSS 7.8 | EG 7.8 | 2024-02-16
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.
- CVE-2024-28064 | CRITICAL | CVSS 9.8 | EG 9.1 | 2024-05-18
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLogin…
- CVE-2024-29466 | HIGH | CVSS 8.8 | EG 8.8 | 2024-04-30
Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.
- CVE-2024-31551 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-26
Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.
- CVE-2024-39673 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-07-25
Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-5865 | HIGH | CVSS 7.7 | EG 7.7 | 2024-07-02
Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch.
- CVE-2024-5866 | MEDIUM | CVSS 5.0 | EG 5.0 | 2024-07-02
Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 an…