VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 32 of 275
  • CVE-2026-45565HigJun 10, 2026
    risk 0.53cvss 8.1epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/roxywi/class_models.py:16-30) is the centralised Pydantic validator used on dozens of fields including SSH credential name, username,…

  • CVE-2026-46484HigJun 8, 2026
    risk 0.53cvss 8.1epss 0.00

    Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3…

  • CVE-2026-45668CriMay 29, 2026
    risk 0.53cvss epss 0.00

    Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via #docName path traversal and XSS by combining a payload note…

  • CVE-2026-46402HigMay 27, 2026
    risk 0.53cvss 8.1epss 0.01

    Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled task_name value directly when constructing session log paths. An authenticated client can supply path traversal sequences in…

  • CVE-2026-6282HigMay 13, 2026
    risk 0.53cvss 8.1epss 0.00

    A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.

  • CVE-2026-20916HigMay 13, 2026
    risk 0.53cvss 8.1epss 0.00

    An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2026-42315HigMay 11, 2026
    risk 0.53cvss 8.1epss 0.00

    pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_folder", there is no sanitization at all, allowing a user with Perms.MODIFY to…

  • CVE-2026-7807HigMay 8, 2026
    risk 0.53cvss 8.1epss 0.00

    SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak…

  • CVE-2026-42075HigMay 4, 2026
    risk 0.53cvss 8.1epss 0.01

    Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths…

  • CVE-2026-5966HigApr 20, 2026
    risk 0.53cvss 8.1epss 0.00

    ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.

  • CVE-2026-4351HigApr 10, 2026
    risk 0.53cvss 8.1epss 0.00

    The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` handlers without any authorization…

  • CVE-2026-4350HigApr 3, 2026
    risk 0.53cvss 8.1epss 0.01

    The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the `PMCS::action_handler()` method processing the `$_GET['delete']` parameter without any sanitization, authorization…

  • CVE-2026-33949HigApr 1, 2026
    risk 0.53cvss 8.1epss 0.00

    Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in…

  • CVE-2018-25194HigMar 6, 2026
    risk 0.53cvss 8.2epss 0.00

    Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based…

  • CVE-2025-69621HigFeb 4, 2026
    risk 0.53cvss 8.1epss 0.00

    An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.

  • CVE-2026-21440CriJan 2, 2026
    risk 0.53cvss epss 0.01

    AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and…

  • CVE-2025-40898HigDec 18, 2025
    risk 0.53cvss 8.1epss 0.00

    A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files…

  • CVE-2025-12003HigNov 25, 2025
    risk 0.53cvss epss 0.01

    A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.

  • CVE-2025-10488HigOct 25, 2025
    risk 0.53cvss 8.1epss 0.01

    The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to arbitrary file move due to insufficient file path validation in the add_listing_action AJAX action in all versions up to, and including, 8.4.8. This makes it…

  • CVE-2013-10062MedAug 1, 2025
    risk 0.53cvss epss 0.01

    A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST parameter to access arbitrary…