Weaknesses of type CWE-35
170 resultsCVE-2023-5885MEDIUMFranklin Electric Fueling Systems Colibri Path TraversalEPSS 1.1%CVE-2025-59793CRITICALRocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be ableEPSS 1.0%CVE-2024-0113HIGHNVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traverEPSS 1.0%CVE-2025-26352MEDIUMA CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated EPSS 1.0%CVE-2026-45495HIGHMicrosoft Edge (Chromium-based) Remote Code Execution VulnerabilityEPSS 1.0%CVE-2024-21575CRITICALComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST requestEPSS 1.0%CVE-2023-6252HIGHPath traversal vulnerability in Chameleon Power productsEPSS 0.9%CVE-2024-2654MEDIUMFile Manager <= 7.2.5 - Authenticated (Administrator+) Directory TraversalEPSS 0.9%CVE-2025-64676HIGHMicrosoft Purview eDiscovery Remote Code Execution VulnerabilityEPSS 0.9%CVE-2026-24464MEDIUMAppliance mode iControl REST vulnerabilityEPSS 0.9%CVE-2024-45190MEDIUMMage AI pipeline interaction request remote arbitrary file leakEPSS 0.9%CVE-2025-26355MEDIUMA CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticateEPSS 0.9%CVE-2025-26353MEDIUMA CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote aEPSS 0.8%CVE-2025-26351MEDIUMA CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated EPSS 0.8%CVE-2024-1886LOWAbsolute path traversal attack on LG SignageEPSS 0.8%CVE-2025-26356HIGHA CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 aEPSS 0.8%CVE-2025-26354HIGHA CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allowsEPSS 0.8%CVE-2024-47169HIGHAgnai vulnerable to Remote Code Execution via JS Upload using Directory TraversalEPSS 0.8%CVE-2022-48476HIGHIn JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
EPSS 0.8%CVE-2024-10857MEDIUMProduct Input Fields for WooCommerce <= 1.9 - Authenticated (Contributor+) Arbitrary File ReadEPSS 0.8%