VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 143 of 275
  • CVE-2026-26058MedApr 3, 2026
    risk 0.33cvss 6.1epss 0.00

    Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user…

  • CVE-2025-14111MedDec 5, 2025
    risk 0.33cvss 5.0epss 0.01

    A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly…

  • CVE-2025-59825MedSep 23, 2025
    risk 0.33cvss epss 0.00

    astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpack_in_raw API. Additionally, the…

  • CVE-2025-8522MedAug 4, 2025
    risk 0.33cvss 5.0epss 0.00

    A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack…

  • CVE-2025-6210MedJul 7, 2025
    risk 0.33cvss 6.2epss 0.00

    A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by…

  • CVE-2025-46096MedJun 13, 2025
    risk 0.33cvss 6.1epss 0.01

    Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component

  • CVE-2024-41887MedDec 24, 2024
    risk 0.33cvss epss 0.01

    Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released…

  • CVE-2024-32111MedJun 25, 2024
    risk 0.33cvss 5.0epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from…

  • CVE-2024-0849MedFeb 7, 2024
    risk 0.33cvss 5.0epss 0.00

    Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.

  • CVE-2023-43801MedOct 18, 2023
    risk 0.33cvss 6.1epss 0.00

    Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or…

  • CVE-2023-43803MedOct 18, 2023
    risk 0.33cvss 6.1epss 0.00

    Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or…

  • CVE-2023-40026MedSep 27, 2023
    risk 0.33cvss 5.0epss 0.01

    Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the…

  • CVE-2022-36007MedAug 15, 2022
    risk 0.33cvss 6.1epss 0.00

    Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions `load-file` and `load-resource`. These functions can be limited to load files from a list of load paths. Assuming Venice has been…

  • CVE-2019-3902MedApr 22, 2019
    risk 0.33cvss 5.1epss 0.01

    A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

  • CVE-2018-1103MedJun 12, 2018
    risk 0.33cvss 6.1epss 0.01

    Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.

  • CVE-2017-2245MedJul 7, 2017
    risk 0.33cvss 5.0epss 0.03

    Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2015-2007MedJan 3, 2016
    risk 0.33cvss 5.0epss 0.01

    Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2026-12089MedJun 13, 2026
    risk 0.32cvss 4.9epss 0.00

    The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combine_current_css() function trusting values harvested from…

  • CVE-2026-11844MedJun 12, 2026
    risk 0.32cvss 4.9epss 0.00

    The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope.

  • CVE-2026-9197MedJun 6, 2026
    risk 0.32cvss 4.9epss 0.01

    The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of…