CWE-35 路径遍历:’…/…//’ 类弱点 161 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-35 属于路径遍历漏洞,指程序使用外部输入构建受限目录内的文件路径时,未正确过滤“.../...//”等双重重定向序列。攻击者利用此缺陷,通过构造特殊路径字符序列绕过安全检查,访问或修改目录外的敏感文件。开发者应避免直接拼接用户输入,需对路径进行严格规范化处理,并实施白名单验证,确保最终解析路径始终位于预期的安全目录范围内。
../secret.dat/home/product/public/secret.dat| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2026-49779 | WordPress Tax Exempt for WooCommerce 路径遍历漏洞 — Tax Exempt for WooCommerce | 6.5 | Medium | 2026-07-02 |
| CVE-2026-52707 | Mikado-Themes Kastell 路径遍历漏洞 — Kastell | 8.1 | High | 2026-06-17 |
| CVE-2026-52703 | Ninja Team FastDup 路径遍历漏洞 — FastDup | 9.6 | Critical | 2026-06-15 |
| CVE-2026-49112 | Tammersoft Shared Files 路径遍历漏洞 — Shared Files | 7.5 | High | 2026-06-15 |
| CVE-2026-42661 | aguilatechnologies WP Customer Area 路径遍历漏洞 — WP Customer Area | 8.8 | High | 2026-06-15 |
| CVE-2026-40128 | SAP NetWeaver Application Server Java 安全漏洞 — SAP NetWeaver Application Server Java (Web Container) | 9.0 | Critical | 2026-06-09 |
| CVE-2026-24315 | SAP Fiori 安全漏洞 — SAP Fiori (launchpad) | 4.2 | Medium | 2026-06-09 |
| CVE-2026-44933 | libzypp 安全漏洞 — SUSE Linux Enterprise | 7.8 | High | 2026-05-20 |
| CVE-2026-45495 | Microsoft Edge 安全漏洞 — Microsoft Edge (Chromium-based) | 8.8 | High | 2026-05-18 |
| CVE-2026-42930 | F5 BIG-IP 安全漏洞 — BIG-IP | 8.7 | High | 2026-05-13 |
| CVE-2026-24464 | F5 BIG-IP 安全漏洞 — BIG-IP | 6.8 | Medium | 2026-05-13 |
| CVE-2026-25705 | Rancher 安全漏洞 — rancher | 8.4 | High | 2026-05-13 |
| CVE-2026-0804 | AXIS OS 安全漏洞 — AXIS OS | 6.7 | Medium | 2026-05-12 |
| CVE-2026-42274 | Heimdall 安全漏洞 — heimdall | 5.3AI | MediumAI | 2026-05-08 |
| CVE-2026-20034 | Cisco Unity Connection(UC) 安全漏洞 — Cisco Unity Connection | 8.8 | High | 2026-05-06 |
| CVE-2026-0205 | SonicWALL SonicOS 安全漏洞 — SonicOS | 8.1AI | HighAI | 2026-04-29 |
| CVE-2026-6074 | Intrado 911 Emergency Gateway 安全漏洞 — 911 Emergency Gateway | 9.8 | Critical | 2026-04-23 |
| CVE-2026-28265 | Dell PowerStore 安全漏洞 — PowerStore | 4.4 | Medium | 2026-04-01 |
| CVE-2026-25397 | WordPress plugin File Uploader for WooCommerce 安全漏洞 — File Uploader for WooCommerce | 7.5 | High | 2026-03-25 |
| CVE-2026-32415 | WordPress plugin Squeeze 安全漏洞 — Squeeze | 5.0 | Medium | 2026-03-13 |
| CVE-2026-26124 | Microsoft ACI Confidential Containers 安全漏洞 — Microsoft ACI Confidential Containers | 6.7 | Medium | 2026-03-05 |
| CVE-2025-69325 | WordPress plugin Primer MyData for Woocommerce 安全漏洞 — Primer MyData for Woocommerce | 5.3 | Medium | 2026-02-20 |
| CVE-2025-58381 | Broadcom Brocade Fabric OS(FOS) 安全漏洞 — Fabric OS | 7.2AI | HighAI | 2026-02-03 |
| CVE-2025-58380 | Broadcom Brocade Fabric OS 安全漏洞 — Fabric OS | 6.5AI | MediumAI | 2026-02-03 |
| CVE-2025-59099 | Dormakaba Access Manager 安全漏洞 — Access Manager 92xx-k5 | 9.1AI | CriticalAI | 2026-01-26 |
| CVE-2025-67914 | WordPress plugin VidMov 安全漏洞 — VidMov | 7.7 | High | 2026-01-08 |
| CVE-2025-46256 | WordPress plugin Advanced Database Cleaner PRO 安全漏洞 — Advanced Database Cleaner PRO | 6.4 | Medium | 2026-01-07 |
| CVE-2025-68428 | jsPDF 安全漏洞 — jsPDF | 6.5 | - | 2026-01-05 |
| CVE-2025-28973 | WordPress plugin Pro Bulk Watermark Plugin for WordPress 安全漏洞 — Pro Bulk Watermark Plugin for WordPress | 6.5 | Medium | 2025-12-31 |
| CVE-2025-64676 | Microsoft Purview 代码注入漏洞 — Microsoft Purview | 7.2 | High | 2025-12-18 |
CWE-35(路径遍历:’…/…//’) 是常见的弱点类别,本平台收录该类弱点关联的 161 条 CVE 漏洞。