VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 150 of 275
  • CVE-2018-1002206MedJul 25, 2018
    risk 0.30cvss 5.5epss 0.10

    SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

  • CVE-2018-1002205MedJul 25, 2018
    risk 0.30cvss 5.5epss 0.12

    DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

  • CVE-2018-1002204MedJul 25, 2018
    risk 0.30cvss 5.5epss 0.15

    adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

  • CVE-2018-1002203MedJul 25, 2018
    risk 0.30cvss 5.5epss 0.12

    unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

  • CVE-2018-1002201MedJul 25, 2018
    risk 0.30cvss 5.5epss 0.10

    zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

  • CVE-2018-1002200MedJul 25, 2018
    risk 0.30cvss 5.5epss 0.13

    plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

  • CVE-2014-7954MedJul 7, 2017
    risk 0.30cvss 4.6epss 0.00

    Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a…

  • CVE-2026-39489MedJun 15, 2026
    risk 0.29cvss 4.4epss 0.00

    Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.

  • CVE-2025-62851MedJun 10, 2026
    risk 0.29cvss 4.4epss 0.00

    A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the…

  • CVE-2026-11411MedJun 6, 2026
    risk 0.29cvss 4.4epss 0.00

    A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _display_name results in path traversal. The attack requires a local approach. The…

  • CVE-2026-2500MedJun 6, 2026
    risk 0.29cvss 4.4epss 0.00

    The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_data()` function passing the user-supplied `filename` POST parameter directly to `file_get_contents()` without any validation,…

  • CVE-2026-43965MedJun 2, 2026
    risk 0.29cvss epss 0.00

    Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml by LocalPackages::read_from_disc are passed without validation to…

  • CVE-2026-8643MedJun 1, 2026
    risk 0.29cvss 5.5epss 0.00

    pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory.

  • CVE-2026-44885MedMay 28, 2026
    risk 0.29cvss 5.5epss 0.01

    Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and…

  • CVE-2026-46383MedMay 15, 2026
    risk 0.29cvss 5.5epss 0.01

    Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes.…

  • CVE-2026-34730MedApr 2, 2026
    risk 0.29cvss 5.5epss 0.00

    Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _external_data feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen…

  • CVE-2026-34447MedApr 1, 2026
    risk 0.29cvss 5.5epss 0.00

    Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version…

  • CVE-2026-28265MedApr 1, 2026
    risk 0.29cvss 4.4epss 0.00

    PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

  • CVE-2025-53594MedJan 2, 2026
    risk 0.29cvss epss 0.00

    A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the…

  • CVE-2025-14702MedDec 15, 2025
    risk 0.29cvss 4.4epss 0.00

    A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and…