Skip to main content

CWE-35

Path Traversal: '.../...//'

149 CVEs Avg CVSS 7.1 MITRE
15
CRITICAL
70
HIGH
61
MEDIUM
2
LOW
4
POC
1
KEV

Monthly

CVE-2026-49779 MEDIUM This Month

Path traversal in the Tax Exempt for WooCommerce plugin (versions <= 1.9.3) by Addify enables authenticated customer-level users to read arbitrary files from the server's filesystem. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact, as a low-privileged account (a standard customer/shopper) can traverse directory boundaries to access sensitive files such as wp-config.php containing database credentials. No public exploit code or active CISA KEV listing has been identified at time of analysis.

WordPress Path Traversal Tax Exempt For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-52707 HIGH This Week

Unauthenticated local file inclusion in the Mikado-Themes Kastell WordPress theme (versions ≤ 2.0) allows remote attackers to traverse directories and read or include arbitrary server-side files, potentially leading to disclosure of sensitive configuration data such as wp-config.php and, depending on PHP configuration, code execution. The flaw is reported via Patchstack with CVSS 8.1 (high) and no public exploit identified at time of analysis. The CWE-35 classification (Path Traversal: '.../...//') points to relative-path manipulation as the root cause.

Information Disclosure Kastell
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-52703 CRITICAL Act Now

Path traversal in the FastDup WordPress plugin through version 2.7.2 allows remote attackers to read or write arbitrary files outside the plugin's intended directory after a single user interaction, with confidentiality, integrity, and availability impacts extending to the WordPress host (scope-changed, CVSS 9.6). The flaw is unauthenticated per the CVSS vector but requires a victim to trigger the malicious request, and no public exploit identified at time of analysis. Disclosure originates from Patchstack's WordPress vulnerability research program.

Path Traversal Fastdup
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2026-49112 HIGH This Week

Unauthenticated path traversal in the Shared Files WordPress plugin (versions 1.7.64 and earlier) allows remote attackers to read arbitrary files outside the plugin's intended directory scope on the underlying WordPress host. The flaw is reachable without authentication over the network and carries a CVSS 7.5 with high confidentiality impact, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV. Disclosed by Patchstack, the bug primarily threatens sensitive files such as wp-config.php and other server-side secrets accessible to the web user.

Path Traversal Shared Files
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-42661 HIGH This Week

Authenticated path traversal in the WP Customer Area WordPress plugin through version 8.3.4 allows users with low-privilege custom roles to escape intended directory boundaries and access or manipulate files outside the plugin's permitted scope. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) indicates network-reachable exploitation by authenticated users with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Path Traversal Wp Customer Area
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-40128 CRITICAL NEWS Act Now

Path traversal in SAP NetWeaver Application Server Java's Web Container allows unauthenticated remote attackers to manipulate file inclusion parameters within crafted HTTP logon requests, leading to inclusion and processing of arbitrary local files. Successful exploitation can expose or modify sensitive data and render portions of the server unavailable, with no public exploit identified at time of analysis but a CVSS of 9.0 reflecting full CIA impact with scope change.

Path Traversal SAP Java
NVD VulDB
CVSS 3.1
9.0
EPSS
0.1%
CVE-2026-24315 MEDIUM This Month

SAP Fiori Launchpad is vulnerable to malicious URL crafting that triggers arbitrary service calls within the Fiori domain, enabling credential theft from users who interact with the crafted link. Exploitation requires no attacker privileges (PR:N per CVSS) but demands high attack complexity (AC:H) and user interaction (UI:R), meaning adversaries must possess advanced system knowledge and successfully deliver the URL to a victim. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, placing this in the medium-priority tier despite the credential-theft potential.

Information Disclosure SAP
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-44933 HIGH PATCH This Week

Privilege escalation via chroot bypass in PluginScript allows local users to execute host binaries such as /bin/bash with root privileges when the repoManagerRoot is set to '/' (a common default or result of --root). Because chroot to the system root is a no-op, path traversal within the plugin escapes intended isolation. No public exploit identified at time of analysis, but the issue was reported by a SUSE researcher and is tracked in SUSE Bugzilla.

Information Disclosure Suse
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-7302 PyPI CRITICAL GHSA Act Now

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.

Path Traversal Sglang
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-42930 HIGH PATCH This Week

Authenticated administrators in F5 BIG-IP Appliance mode can bypass configuration restrictions designed to prevent system-level access. Administrators with the 'Administrator' role can circumvent Appliance mode lockdown controls, potentially modifying underlying system configurations that should be protected in this deployment mode. Vendor patch available per F5 Security Advisory K000160876. CVSS 8.5 reflects high confidentiality/integrity impact despite requiring privileged authentication.

Authentication Bypass Big Ip
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

Path traversal in the Tax Exempt for WooCommerce plugin (versions <= 1.9.3) by Addify enables authenticated customer-level users to read arbitrary files from the server's filesystem. The vulnerability carries a CVSS 6.5 Medium score with high confidentiality impact, as a low-privileged account (a standard customer/shopper) can traverse directory boundaries to access sensitive files such as wp-config.php containing database credentials. No public exploit code or active CISA KEV listing has been identified at time of analysis.

WordPress Path Traversal Tax Exempt For Woocommerce
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated local file inclusion in the Mikado-Themes Kastell WordPress theme (versions ≤ 2.0) allows remote attackers to traverse directories and read or include arbitrary server-side files, potentially leading to disclosure of sensitive configuration data such as wp-config.php and, depending on PHP configuration, code execution. The flaw is reported via Patchstack with CVSS 8.1 (high) and no public exploit identified at time of analysis. The CWE-35 classification (Path Traversal: '.../...//') points to relative-path manipulation as the root cause.

Information Disclosure Kastell
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Path traversal in the FastDup WordPress plugin through version 2.7.2 allows remote attackers to read or write arbitrary files outside the plugin's intended directory after a single user interaction, with confidentiality, integrity, and availability impacts extending to the WordPress host (scope-changed, CVSS 9.6). The flaw is unauthenticated per the CVSS vector but requires a victim to trigger the malicious request, and no public exploit identified at time of analysis. Disclosure originates from Patchstack's WordPress vulnerability research program.

Path Traversal Fastdup
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated path traversal in the Shared Files WordPress plugin (versions 1.7.64 and earlier) allows remote attackers to read arbitrary files outside the plugin's intended directory scope on the underlying WordPress host. The flaw is reachable without authentication over the network and carries a CVSS 7.5 with high confidentiality impact, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV. Disclosed by Patchstack, the bug primarily threatens sensitive files such as wp-config.php and other server-side secrets accessible to the web user.

Path Traversal Shared Files
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated path traversal in the WP Customer Area WordPress plugin through version 8.3.4 allows users with low-privilege custom roles to escape intended directory boundaries and access or manipulate files outside the plugin's permitted scope. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) indicates network-reachable exploitation by authenticated users with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Path Traversal Wp Customer Area
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

Path traversal in SAP NetWeaver Application Server Java's Web Container allows unauthenticated remote attackers to manipulate file inclusion parameters within crafted HTTP logon requests, leading to inclusion and processing of arbitrary local files. Successful exploitation can expose or modify sensitive data and render portions of the server unavailable, with no public exploit identified at time of analysis but a CVSS of 9.0 reflecting full CIA impact with scope change.

Path Traversal SAP Java
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM This Month

SAP Fiori Launchpad is vulnerable to malicious URL crafting that triggers arbitrary service calls within the Fiori domain, enabling credential theft from users who interact with the crafted link. Exploitation requires no attacker privileges (PR:N per CVSS) but demands high attack complexity (AC:H) and user interaction (UI:R), meaning adversaries must possess advanced system knowledge and successfully deliver the URL to a victim. No public exploit code has been identified at time of analysis and the vulnerability is not listed in the CISA KEV catalog, placing this in the medium-priority tier despite the credential-theft potential.

Information Disclosure SAP
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Privilege escalation via chroot bypass in PluginScript allows local users to execute host binaries such as /bin/bash with root privileges when the repoManagerRoot is set to '/' (a common default or result of --root). Because chroot to the system root is a no-op, path traversal within the plugin escapes intended isolation. No public exploit identified at time of analysis, but the issue was reported by a SUSE researcher and is tracked in SUSE Bugzilla.

Information Disclosure Suse
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.

Path Traversal Sglang
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Authenticated administrators in F5 BIG-IP Appliance mode can bypass configuration restrictions designed to prevent system-level access. Administrators with the 'Administrator' role can circumvent Appliance mode lockdown controls, potentially modifying underlying system configurations that should be protected in this deployment mode. Vendor patch available per F5 Security Advisory K000160876. CVSS 8.5 reflects high confidentiality/integrity impact despite requiring privileged authentication.

Authentication Bypass Big Ip
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy