Description
The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.
Extended Description
Path equivalence is usually employed in order to circumvent access controls expressed using an incomplete set of file name or file path representations. This is different from path traversal, wherein the manipulations are performed to generate a name for a different object.
CVE vulnerabilities with CWE-41 (27)
8.6
CVSS
HIGH
CVE-2025-24470
pub. 2025-02-11
8.0
CVSS
HIGH
CVE-2026-5816
pub. 2026-04-22
7.8
CVSS
HIGH
CVE-2025-43298
pub. 2025-09-15
7.8
CVSS
HIGH
CVE-2024-30073
pub. 2024-09-10
7.8
CVSS
HIGH
CVE-2023-36396
pub. 2023-11-14
7.5
CVSS
HIGH
CVE-2026-23674
pub. 2026-03-10
7.3
CVSS
HIGH
CVE-2026-49401
pub. 2026-06-23
7.3
CVSS
HIGH
CVE-2024-8765
pub. 2025-03-20
6.9
CVSS
MEDIUM
CVE-2026-34510
pub. 2026-04-01
6.8
CVSS
MEDIUM
CVE-2025-0115
pub. 2025-03-12
6.5
CVSS
MEDIUM
CVE-2024-30036
pub. 2024-05-14
6.5
CVSS
MEDIUM
CVE-2023-46169
pub. 2024-03-07
6.3
CVSS
MEDIUM
CVE-2026-34451
pub. 2026-03-31
6.1
CVSS
MEDIUM
CVE-2022-0855
pub. 2022-03-04
6.0
CVSS
MEDIUM
CVE-2024-45405
pub. 2024-09-06
5.3
CVSS
MEDIUM
CVE-2024-6839
pub. 2025-03-20
4.3
CVSS
MEDIUM
CVE-2025-54107
pub. 2025-09-09
4.3
CVSS
MEDIUM
CVE-2025-21247
pub. 2025-03-11
4.3
CVSS
MEDIUM
CVE-2025-21189
pub. 2025-01-14
4.3
CVSS
MEDIUM
CVE-2025-21219
pub. 2025-01-14
Showing 20 of 27 vulnerabilities