VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Abstraction: Base · Status: Stable · Likelihood of exploit: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
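The sentence above is the whole weakness. The following is an added example (not code from VYPR, from CWE, or from any project listed on this page) that puts the naive join CWE-22 describes next to a hardened resolver and runs constructed payloads for the cases the CVE list below keeps returning to: `../` segments, absolute paths, symlinks, and the hard-link variant that `realpath()` cannot see. The temp-directory layout, file names and the `demo()` helper are assumptions made up for the example.

```python
import os
import tempfile


def vulnerable_join(base_dir, user_path):
    # The pattern CWE-22 describes: the untrusted string is glued onto the
    # restricted directory and used as-is. os.path.join() discards base_dir
    # entirely when user_path is absolute, and "../" segments walk out of it.
    return os.path.join(base_dir, user_path)


def safe_resolve(base_dir, user_path):
    # Hardened form: canonicalise base and candidate (realpath follows symlinks
    # and collapses "." and ".."), then require that the candidate sits under
    # the base. The decision is made on the resolved path, not on the
    # attacker-controlled string, so "..", absolute paths and symlink hops are
    # all caught by one check. URL/unicode decoding must happen before this.
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"path escapes {base_real}: {user_path!r}")
    return candidate


def hardlink_escapes(path):
    # realpath() cannot see hard links: the in-tree name *is* the secret file.
    # A link count above 1 on a regular file, in a tree that should contain only
    # files the application wrote itself, is the signal to refuse.
    return os.path.isfile(path) and os.stat(path).st_nlink > 1


def demo():
    # Constructed layout (an assumption for this example, built in a temp dir):
    #   <tmp>/secret.txt         outside the restricted directory
    #   <tmp>/files/ok.txt       legitimate file
    #   <tmp>/files/to_secret    symlink -> <tmp>/secret.txt
    #   <tmp>/files/hard_secret  hard link to <tmp>/secret.txt (if the FS allows)
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        files = os.path.join(tmp, "files")
        os.mkdir(files)
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as f:
            f.write("db_password=hunter2\n")
        with open(os.path.join(files, "ok.txt"), "w") as f:
            f.write("hello\n")
        os.symlink(secret, os.path.join(files, "to_secret"))

        # The naive join reads the secret through "../".
        with open(vulnerable_join(files, "../secret.txt")) as f:
            results["vulnerable_reads_secret"] = f.read().startswith("db_password")

        results["ok_allowed"] = safe_resolve(files, "ok.txt").endswith("ok.txt")
        payloads = {
            "dotdot": "../secret.txt",
            "nested_dotdot": "sub/../../secret.txt",  # "sub" need not exist
            "absolute": secret,
            "symlink": "to_secret",
        }
        for label, payload in payloads.items():
            try:
                safe_resolve(files, payload)
                results[label + "_blocked"] = False
            except ValueError:
                results[label + "_blocked"] = True

        try:
            os.link(secret, os.path.join(files, "hard_secret"))
        except OSError:
            # Filesystem or policy forbids hard links here; nothing to show.
            results["hardlink_passes_realpath"] = None
            results["hardlink_detected"] = None
        else:
            resolved = safe_resolve(files, "hard_secret")  # passes: it is under files/
            results["hardlink_passes_realpath"] = True
            results["hardlink_detected"] = hardlink_escapes(resolved)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The containment test compares canonical paths rather than string prefixes: a prefix check would accept `/srv/files2/x` for a base of `/srv/files`. The hard-link check is separate because a hard link is a second name for the same inode and no amount of path resolution reveals it; the link-count heuristic assumes the restricted tree holds only files the application created itself.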

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 232 of 275
  • CVE-2025-49656 · Jul 21, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.

  • CVE-2025-6233 · Jul 18, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal.

  • CVE-2025-53632 · Jul 10, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor…

  • CVE-2025-53513 · Jul 8, 2025
    risk 0.00 · cvss n/a · epss 0.01

    The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running…

  • CVE-2025-6210 · Jul 7, 2025
    risk 0.00 · cvss n/a · epss 0.00

    A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by…

  • CVE-2025-3046 · Jul 7, 2025
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the…

  • CVE-2025-34076 · Jul 2, 2025
    risk 0.00 · cvss n/a · epss 0.01

    An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying…

  • CVE-2025-44163 · Jun 27, 2025
    risk 0.00 · cvss n/a · epss 0.01

    RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary files writable by the web server via abuse…

  • CVE-2025-5981 · Jun 18, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

  • CVE-2025-6167 · Jun 17, 2025
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this…

  • CVE-2025-3594 · Jun 16, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitrary locations on the server…

  • CVE-2024-38824 · Jun 13, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.

  • CVE-2025-46096 · Jun 13, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component

  • CVE-2025-28384 · Jun 13, 2025
    risk 0.00 · cvss n/a · epss 0.01

    An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.

  • CVE-2025-28382 · Jun 13, 2025
    risk 0.00 · cvss n/a · epss 0.01

    An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.

  • CVE-2024-57189 · Jun 10, 2025
    risk 0.00 · cvss n/a · epss 0.00

    In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.

  • CVE-2024-57186 · Jun 10, 2025
    risk 0.00 · cvss n/a · epss 0.00

    In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.

  • CVE-2025-49138 · Jun 9, 2025
    risk 0.00 · cvss n/a · epss 0.00

    HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by…

  • CVE-2025-47952 · May 30, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a…

  • CVE-2025-47273 · May 17, 2025
    risk 0.00 · cvss n/a · epss 0.01

    setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on…
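Several entries on this page (the Chall-Manager, Juju and OSV-SCALIBR ones) are the archive-extraction variant of CWE-22, usually called zip slip: the entry name inside an attacker-supplied archive is the untrusted pathname. The following is an added example, not code from any of those projects: a constructed hostile archive, the naive extractor those CVEs describe, and a hardened one. The entry names, the symlink entry and the `demo()` helper are assumptions made up for the example.

```python
import io
import os
import stat
import tempfile
import zipfile


def build_hostile_zip(outside_dir):
    # Constructed archive for this example (not a real sample). Entries, in order:
    #   ok/readme.txt                 benign
    #   ../escape.sh                  relative traversal out of the destination
    #   <outside_dir>/abs_escape.txt  absolute name; os.path.join() drops dest
    #   lnk -> <outside_dir>          symlink entry pointing out of dest
    #   lnk/via_link.txt              regular file written *through* that symlink
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ok/readme.txt", "benign\n")
        zf.writestr("../escape.sh", "#!/bin/sh\necho pwned\n")
        zf.writestr(os.path.join(outside_dir, "abs_escape.txt"), "absolute\n")
        link = zipfile.ZipInfo("lnk")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # unix mode sits in the high 16 bits
        zf.writestr(link, outside_dir)
        zf.writestr("lnk/via_link.txt", "through symlink\n")
    return buf.getvalue()


def is_symlink_entry(info):
    return stat.S_ISLNK(info.external_attr >> 16)


def vulnerable_extract(data, dest):
    # The pattern behind zip-slip CVEs: each entry name is joined onto dest and
    # used as-is, and symlink entries are recreated as symlinks.
    os.makedirs(dest, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            if is_symlink_entry(info):
                os.symlink(zf.read(info).decode(), target)
            else:
                with open(target, "wb") as f:
                    f.write(zf.read(info))


def safe_extract(data, dest):
    # Hardened extractor. Every entry is judged on its *resolved* path before
    # the filesystem is touched; symlink entries are refused outright, since a
    # link created by entry N is what entry N+1 would write through.
    dest_real = os.path.realpath(dest)
    os.makedirs(dest_real, exist_ok=True)
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith("/") or ".." in name.split("/") or is_symlink_entry(info):
                rejected.append(name)
                continue
            target = os.path.realpath(os.path.join(dest_real, name))
            if os.path.commonpath([dest_real, target]) != dest_real:
                rejected.append(name)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(info))
            written.append(name)
    return written, rejected


def demo():
    # Files that an escape would drop into the directory *above* dest.
    escapes = ["escape.sh", "abs_escape.txt", "via_link.txt"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.realpath(tmp)
        data = build_hostile_zip(outside)

        vulnerable_extract(data, os.path.join(outside, "vuln_out"))
        results["vulnerable_escaped"] = [e for e in escapes
                                         if os.path.exists(os.path.join(outside, e))]
        for e in results["vulnerable_escaped"]:
            os.remove(os.path.join(outside, e))

        written, rejected = safe_extract(data, os.path.join(outside, "safe_out"))
        results["safe_escaped"] = [e for e in escapes
                                   if os.path.exists(os.path.join(outside, e))]
        # "lnk/via_link.txt" lands as an ordinary file under safe_out/lnk/, which
        # is harmless once the symlink entry itself has been refused.
        results["safe_written"] = written
        results["safe_rejected"] = rejected
    return results
```

The lexical check and the `realpath()` check overlap on purpose: the lexical one rejects entries that are hostile on their face, the resolved one catches an entry that only becomes hostile because something extracted earlier (or already present in the destination) is a symlink. Python's own `ZipFile.extractall` strips `..` components and writes symlink entries as plain files, which is why the naive extractor here is hand-rolled in the style of the affected code rather than using that method.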