VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 140 of 275
  • CVE-2026-7179MedApr 27, 2026
    risk 0.34cvss 5.3epss 0.00

    A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.file_name…

  • CVE-2026-7132MedApr 27, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2026-7059MedApr 26, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function get_simulation_posts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack…

  • CVE-2026-6829MedApr 21, 2026
    risk 0.34cvss 6.3epss 0.00

    nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new,…

  • CVE-2026-40152MedApr 9, 2026
    risk 0.34cvss 5.3epss 0.00

    PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list_files() tool in FileTools validates the directory parameter against workspace boundaries via _validate_path(), but passes the pattern parameter directly to Path.glob() without any validation. Since Python's…

  • CVE-2026-39977MedApr 9, 2026
    risk 0.34cvss 6.3epss 0.00

    flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using…

  • CVE-2026-34371MedApr 7, 2026
    risk 0.34cvss 6.3epss 0.00

    LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing…

  • CVE-2026-35592MedApr 7, 2026
    risk 0.34cvss 5.3epss 0.00

    pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix() for its path traversal check, which performs character-level string comparison…

  • CVE-2026-5638MedApr 6, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was…

  • CVE-2026-5014MedMar 28, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and…

  • CVE-2026-5013MedMar 28, 2026
    risk 0.34cvss 5.3epss 0.01

    A vulnerability has been found in elecV2 elecV2P up to 3.8.3. Impacted is the function path.join of the file /store/:key. The manipulation of the argument URL leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public…

  • CVE-2026-4997MedMar 28, 2026
    risk 0.34cvss 5.3epss 0.01

    A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of the file pandasai/helpers/sql_sanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been…

  • CVE-2026-3719MedMar 8, 2026
    risk 0.34cvss 5.3epss 0.01

    A vulnerability was identified in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This issue affects some unknown processing of the file /System/Cms/downLoad. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The…

  • CVE-2026-27884MedFeb 26, 2026
    risk 0.34cvss 5.3epss 0.00

    NetExec is a network execution tool. Prior to version 1.5.1, the module spider_plus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such…

  • CVE-2025-64074MedFeb 11, 2026
    risk 0.34cvss 5.3epss 0.00

    A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value.

  • CVE-2026-25872MedFeb 10, 2026
    risk 0.34cvss 5.3epss 0.01

    JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the…

  • CVE-2025-14699MedDec 15, 2025
    risk 0.34cvss 5.3epss 0.00

    A security vulnerability has been detected in Municorn FAX App 3.27.0 on Android. This vulnerability affects unknown code of the component biz.faxapp.app. Such manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly…

  • CVE-2025-14617MedDec 13, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android. Affected is an unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer. Such manipulation leads to path traversal. Local access is required to approach this…

  • CVE-2025-13876MedDec 2, 2025
    risk 0.34cvss 5.3epss 0.00

    A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The…

  • CVE-2025-13266MedNov 17, 2025
    risk 0.34cvss 5.3epss 0.01

    A security vulnerability has been detected in wwwlike vlife up to 2.0.1. This issue affects the function create of the file vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java of the component VLifeApi. Such manipulation of the argument fileName leads to path traversal.…