CWE-27: CWE-27

Total CVEs

Critical

High

8.5

Avg CVSS

Yearly Trend

2026

2025

2024

2021

Top Affected Vendors

1 Apache 1

2 Nodejs 1

3 Cisco 1

4 Zyxel 1

All CWE-27 CVEs (6)

CVE-2024-21896

9.8

This CVE describes a path traversal vulnerability in Node.js's experimental permission model where attackers can bypass path validation by monkey-patc...

Feb 20, 2024

CVE-2025-66518

8.8

This vulnerability allows clients accessing Apache Kyuubi Server to bypass the server-side configuration that restricts which local directories can be...

Jan 5, 2026

CVE-2025-10438

8.6

This path traversal vulnerability in Yordam Katalog software allows attackers to access files outside the intended directory by manipulating file path...

Sep 25, 2025

CVE-2024-24809

8.5

Traccar versions before 6.0 allow authenticated attackers to upload malicious files with 'device.' prefix to arbitrary directories via path traversal....

Apr 10, 2024

CVE-2024-20348

7.5

This vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) allows unauthenticated remote attackers to read arbitrary files via the Out-of-Ba...

Apr 3, 2024

CVE-2021-35027

7.5

A directory traversal vulnerability in Zyxel VPN2S firewall firmware allows remote attackers to access sensitive files by manipulating file paths. Thi...

Sep 29, 2021

About CWE-27 (CWE-27)

Our database tracks 6 CVEs classified as CWE-27, with 1 rated critical and 5 rated high severity. The average CVSS score for CWE-27 vulnerabilities is 8.5.

External reference: View CWE-27 on MITRE CWE →

Monitor CWE-27 Vulnerabilities

Get alerted when new CWE-27 CVEs affect your infrastructure.

Start Monitoring Free