VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 169 of 275
  • CVE-2026-47712LowJun 10, 2026
    risk 0.14cvss 3.3epss 0.00

    Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch filename from the commit's subject line. Prior to this fix, get_summary only…

  • CVE-2026-47091LowMay 18, 2026
    risk 0.14cvss 3.3epss 0.00

    Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin JSON. Attackers can access any file readable by the process and the file…

  • CVE-2026-33529LowMar 26, 2026
    risk 0.14cvss 3.3epss 0.00

    Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to…

  • CVE-2025-6589LowFeb 2, 2026
    risk 0.14cvss epss 0.00

    Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: >= 1.42.0.

  • CVE-2025-58769LowOct 1, 2025
    risk 0.14cvss 3.3epss 0.00

    auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept…

  • CVE-2025-27726LowMar 28, 2025
    risk 0.14cvss 2.1epss 0.00

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained…

  • CVE-2023-42456LowSep 21, 2023
    risk 0.14cvss 3.3epss 0.01

    Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the…

  • CVE-2023-41044LowAug 31, 2023
    risk 0.14cvss 3.3epss 0.01

    Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker…

  • CVE-2025-59414LowSep 17, 2025
    risk 0.13cvss 3.1epss 0.00

    Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application…

  • CVE-2022-22821LowJan 10, 2022
    risk 0.13cvss 2.0epss 0.00

    NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.

  • CVE-2020-15141LowAug 14, 2020
    risk 0.13cvss 3.0epss 0.01

    In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.

  • CVE-2024-38358LowJun 19, 2024
    risk 0.12cvss 2.9epss 0.00

    Wasmer is a web assembly (wasm) Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both `oflags::creat` and `rights::fd_write`. Programs…

  • CVE-2026-35496LowApr 17, 2026
    risk 0.11cvss 2.7epss 0.00

    A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.

  • CVE-2026-29185LowMar 7, 2026
    risk 0.11cvss 2.7epss 0.00

    Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by…

  • CVE-2026-2419LowFeb 18, 2026
    risk 0.11cvss 2.7epss 0.01

    The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences…

  • CVE-2025-8110KEVDec 10, 2025
    risk 0.11cvss epss 0.77

    Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

  • CVE-2025-48370LowMay 27, 2025
    risk 0.11cvss epss 0.01

    auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path…

  • CVE-2025-44021LowMay 8, 2025
    risk 0.11cvss 2.8epss 0.00

    OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be…

  • CVE-2024-31450LowApr 19, 2024
    risk 0.11cvss 2.7epss 0.01

    Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are…

  • CVE-2022-29253LowMay 25, 2022
    risk 0.11cvss 2.7epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with ".." in it.…