CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 123 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54659 | Med | 0.38 | 5.8 | 0.00 | Mar 10, 2026 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read… | ||
| CVE-2025-12002 | Med | 0.38 | 5.9 | 0.00 | Jan 17, 2026 | The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sby_check_wp_submit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation.… | ||
| CVE-2025-59336 | Med | 0.38 | — | 0.00 | Sep 16, 2025 | Luanox is a module host for Lua packages. Prior to 0.1.1, a file traversal vulnerability can cause potential denial of service by overwriting Phoenix runtime files. Package names like ../../package are not properly filtered and pass the validity check of the rockspec… | ||
| CVE-2025-55214 | Med | 0.38 | — | 0.00 | Aug 18, 2025 | Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the… | ||
| CVE-2025-42970 | Med | 0.38 | 5.8 | 0.00 | Jul 8, 2025 | SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on… | ||
| CVE-2025-4187 | Med | 0.38 | 5.9 | 0.01 | Jun 14, 2025 | The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of… | ||
| CVE-2025-3223 | Med | 0.38 | 5.9 | 0.00 | May 19, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.This issue affects WorkstationST: WorkstationST V07.10.10C and earlier. | ||
| CVE-2025-31411 | Med | 0.38 | 5.9 | 0.00 | Apr 10, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through <= 3.5.12. | ||
| CVE-2025-31554 | Med | 0.38 | 5.9 | 0.00 | Apr 3, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in docxpresso Docxpresso docxpresso allows Absolute Path Traversal.This issue affects Docxpresso: from n/a through <= 2.6. | ||
| CVE-2024-13894 | Med | 0.38 | — | 0.00 | Mar 6, 2025 | Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at… | ||
| CVE-2025-1035 | Med | 0.38 | 5.7 | 0.10 | Feb 18, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1. | ||
| CVE-2024-53586 | Med | 0.38 | 5.3 | 0.02 | Feb 6, 2025 | An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files,… | ||
| CVE-2024-55415 | — | Med | 0.38 | 5.7 | 0.15 | Jan 30, 2025 | DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. | |
| CVE-2025-23562 | Med | 0.38 | 5.8 | 0.01 | Jan 22, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pitinca XLSXviewer xlsx-viewer allows Path Traversal.This issue affects XLSXviewer: from n/a through <= 2.1.1. | ||
| CVE-2024-42007 | Med | 0.38 | 5.8 | 0.01 | Jul 26, 2024 | SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files. | ||
| CVE-2017-6020 | Med | 0.38 | 5.3 | 0.09 | Apr 17, 2018 | Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level. | ||
| CVE-2017-9965 | Med | 0.38 | 5.8 | 0.05 | Jan 2, 2018 | An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files. | ||
| CVE-2017-6805 | Med | 0.38 | 5.3 | 0.08 | Mar 20, 2017 | Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command. | ||
| CVE-2026-39468 | Med | 0.37 | 6.8 | 0.00 | Jun 15, 2026 | Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versions. | ||
| CVE-2026-45775 | Med | 0.37 | 6.8 | 0.00 | Jun 12, 2026 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator… |
- risk 0.38cvss 5.8epss 0.00
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read…
- risk 0.38cvss 5.9epss 0.00
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sby_check_wp_submit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation.…
- risk 0.38cvss —epss 0.00
Luanox is a module host for Lua packages. Prior to 0.1.1, a file traversal vulnerability can cause potential denial of service by overwriting Phoenix runtime files. Package names like ../../package are not properly filtered and pass the validity check of the rockspec…
- risk 0.38cvss —epss 0.00
Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the…
- risk 0.38cvss 5.8epss 0.00
SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on…
- risk 0.38cvss 5.9epss 0.01
The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of…
- risk 0.38cvss 5.9epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.This issue affects WorkstationST: WorkstationST V07.10.10C and earlier.
- risk 0.38cvss 5.9epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through <= 3.5.12.
- risk 0.38cvss 5.9epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in docxpresso Docxpresso docxpresso allows Absolute Path Traversal.This issue affects Docxpresso: from n/a through <= 2.6.
- risk 0.38cvss —epss 0.00
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at…
- risk 0.38cvss 5.7epss 0.10
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1.
- risk 0.38cvss 5.3epss 0.02
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files,…
- risk 0.38cvss 5.7epss 0.15
DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.
- risk 0.38cvss 5.8epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pitinca XLSXviewer xlsx-viewer allows Path Traversal.This issue affects XLSXviewer: from n/a through <= 2.1.1.
- risk 0.38cvss 5.8epss 0.01
SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.
- risk 0.38cvss 5.3epss 0.09
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
- risk 0.38cvss 5.8epss 0.05
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files.
- risk 0.38cvss 5.3epss 0.08
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
- risk 0.37cvss 6.8epss 0.00
Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versions.
- risk 0.37cvss 6.8epss 0.00
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator…