VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 163 of 275
  • CVE-2026-34446MedApr 1, 2026
    risk 0.24cvss 4.7epss 0.00

    Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a…

  • CVE-2025-7039LowSep 3, 2025
    risk 0.24cvss 3.7epss 0.00

    A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local…

  • CVE-2025-4748MedJun 16, 2025
    risk 0.24cvss epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines…

  • CVE-2023-40160LowMar 18, 2024
    risk 0.24cvss 3.7epss 0.01

    Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server.

  • CVE-2023-28458MedApr 20, 2023
    risk 0.24cvss 4.3epss 0.03

    pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.

  • CVE-2023-24815MedFeb 9, 2023
    risk 0.24cvss 4.8epss 0.01

    Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an…

  • CVE-2018-1263MedMay 15, 2018
    risk 0.24cvss 4.7epss 0.01

    Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds…

  • CVE-2018-1261MedMay 11, 2018
    risk 0.24cvss 4.7epss 0.01

    Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename…

  • CVE-2015-8309MedMar 27, 2017
    risk 0.24cvss 4.3epss 0.07

    Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."

  • CVE-2016-4323LowJan 6, 2017
    risk 0.24cvss 3.7epss 0.02

    A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a…

  • CVE-2026-45380LowJun 10, 2026
    risk 0.23cvss 3.6epss 0.00

    bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allows an attacker to craft a .7z archive that, when extracted with bit7z on any…

  • CVE-2026-32685MedJun 2, 2026
    risk 0.23cvss epss 0.00

    Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without…

  • CVE-2026-33462MedMay 28, 2026
    risk 0.23cvss 4.6epss 0.00

    A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through…

  • CVE-2026-42080MedMay 4, 2026
    risk 0.23cvss 4.6epss 0.00

    PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched via commit 418491a.

  • CVE-2026-42078MedMay 4, 2026
    risk 0.23cvss 4.6epss 0.00

    PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This issue has been patched via commit 418491a.

  • CVE-2025-15245LowDec 30, 2025
    risk 0.23cvss 3.5epss 0.01

    A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been…

  • CVE-2025-10273LowSep 12, 2025
    risk 0.23cvss 3.5epss 0.01

    A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path traversal. The exploit is publicly available and might be used. The vendor was…

  • CVE-2024-34521LowFeb 12, 2025
    risk 0.23cvss 3.5epss 0.01

    A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an administrative user to access system files with the file permissions of the privileged system user running the application.

  • CVE-2024-37372LowJan 9, 2025
    risk 0.23cvss 3.6epss 0.00

    The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.

  • CVE-2024-8865LowSep 15, 2024
    risk 0.23cvss 3.5epss 0.01

    A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been disclosed to the public…