VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Abstraction: Base · Status: Stable · Likelihood of exploit: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
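The pattern in the description, shown in code. This is an added example, not code from the CWE entry or from any of the projects listed below: a hypothetical file-serving handler with a restricted root of `/srv/files` (POSIX paths assumed), the vulnerable concatenation from the definition, the common non-fix of stripping `../`, and a canonicalise-then-check join that rejects the usual traversal forms (`..`, percent-encoded separators, backslashes, absolute paths) plus the prefix-check bypass. The payloads are constructed for illustration.

```python
"""Added example (not from the CWE entry or any listed project): the CWE-22
pattern next to a common broken "fix" and a canonicalise-then-check safe join.
Base directory, file names and payloads are constructed; POSIX host assumed."""
import os
from urllib.parse import unquote


def vulnerable_join(base_dir: str, user_path: str) -> str:
    """CWE-22 as defined above: external input is appended to the restricted
    root with no neutralisation of '..' (or of an absolute path), so the result
    is wherever the input points. normpath shows where the OS would land."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def broken_strip_fix(base_dir: str, user_path: str) -> str:
    """A frequent non-fix: delete the literal '../' in a single pass. Nesting the
    sequence defeats it, e.g. '....//' collapses to '../' after the strip."""
    cleaned = user_path.replace("../", "")
    return os.path.normpath(os.path.join(base_dir, cleaned))


def safe_join(base_dir: str, user_path: str) -> str:
    """Resolve user_path under base_dir and refuse anything outside it.

    1. decode percent-encoding once ('..%2F' payloads) and reject NUL bytes;
    2. treat backslashes as separators (Windows hosts, mixed-slash payloads);
    3. reject absolute paths, which os.path.join would let replace the base;
    4. canonicalise with realpath so '.', '..' and symlinks are resolved;
    5. containment test with commonpath, not startswith(): '/srv/files_evil'
       starts with '/srv/files' but is not inside it.
    """
    base_real = os.path.realpath(base_dir)
    decoded = unquote(user_path).replace("\\", "/")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    if decoded.startswith("/"):
        raise ValueError("absolute path not allowed")
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes restricted directory: {user_path!r}")
    return candidate


def is_allowed(base_dir: str, user_path: str) -> bool:
    """True when safe_join accepts the path, False when it rejects it."""
    try:
        safe_join(base_dir, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    base = "/srv/files"  # hypothetical restricted directory
    payloads = [
        "reports/q1.txt",               # legitimate
        "../../etc/passwd",             # classic
        "..%2F..%2F..%2Fetc%2Fpasswd",  # percent-encoded separators
        "..\\..\\windows\\win.ini",     # backslash separators
        "/etc/passwd",                  # absolute path
        "....//....//etc/passwd",       # defeats single-pass '../' stripping
        "../files_evil/secret.txt",     # defeats a startswith() prefix check
    ]
    for p in payloads:
        print(f"{p!r:32} naive={vulnerable_join(base, p):24} "
              f"strip_fix={broken_strip_fix(base, p):24} safe={is_allowed(base, p)}")
```

Two caveats a practitioner should keep in mind. Decode exactly once, at the layer that owns the raw input: if the web framework has already percent-decoded the parameter, decoding again in the check creates a double-decoding mismatch between what is validated and what is opened. And realpath-then-open is still a check-then-use sequence; where a symlink under the root can change between the two calls, open with `O_NOFOLLOW` or, on recent Linux, `openat2` with `RESOLVE_BENEATH`, so the kernel enforces the containment at open time.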

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 17 of 275
  • CVE-2026-32771 · Critical · Mar 20, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go (lines 248–254) is vulnerable to Path…

  • CVE-2026-29522 · High · Mar 16, 2026
    risk 0.57 · cvss n/a · epss 0.01

    ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/node_upgrade_srv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on…

  • CVE-2026-3013 · High · Mar 11, 2026
    risk 0.57 · cvss n/a · epss 0.01

    Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow to read content of any file accessible by the web server process. This issue…

  • CVE-2026-2448 · High · Mar 3, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate_template() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and…

  • CVE-2026-1311 · High · Feb 26, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP…

  • CVE-2026-2464 · High · Feb 18, 2026
    risk 0.57 · cvss n/a · epss 0.01

    Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The…

  • CVE-2026-25592 · Critical · Feb 6, 2026
    risk 0.57 · cvss 9.9 · epss 0.02

    Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem…

  • CVE-2026-1523 · High · Feb 5, 2026
    risk 0.57 · cvss n/a · epss 0.01

    Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, that is, 'http:///..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2F…

  • CVE-2025-65077 · High · Feb 3, 2026
    risk 0.57 · cvss n/a · epss 0.01

    A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

  • CVE-2026-1056 · Critical · Jan 28, 2026
    risk 0.57 · cvss 9.8 · epss 0.12

    The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete…

  • CVE-2025-66428 · High · Jan 22, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation.

  • CVE-2025-34181 · High · Dec 15, 2025
    risk 0.57 · cvss n/a · epss 0.01

    NetSupport Manager < 14.12.0001 contains an arbitrary file write vulnerability in its Connectivity Server/Gateway PUTFILE request handler. An attacker with a valid Gateway Key can supply a crafted filename containing directory traversal sequences to write files to arbitrary…

  • CVE-2025-14344 · Critical · Dec 12, 2025
    risk 0.57 · cvss 9.8 · epss 0.00

    The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'plupload_ajax_delete_file' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated…

  • CVE-2025-12824 · High · Dec 12, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.2 via the 'player_leaderboard' shortcode. This is due to the plugin using an unsanitized user-supplied value from the shortcode's 'mode' attribute in a…

  • CVE-2024-58310 · High · Dec 11, 2025
    risk 0.57 · cvss n/a · epss 0.01

    APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by…

  • CVE-2025-65952 · High · Nov 25, 2025
    risk 0.57 · cvss n/a · epss 0.00

    Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted…

  • CVE-2025-34350 · High · Nov 25, 2025
    risk 0.57 · cvss n/a · epss 0.01

    UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp'…

  • CVE-2022-4982 · High · Nov 12, 2025
    risk 0.57 · cvss n/a · epss 0.00

    DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path parameter (`content` or `sidebar`) which is not properly validated…

  • CVE-2021-4463 · High · Nov 12, 2025
    risk 0.57 · cvss n/a · epss 0.01

    Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive…

  • CVE-2016-15055 · High · Nov 12, 2025
    risk 0.57 · cvss n/a · epss 0.01

    JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model) contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this…