CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 37 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-27210 | Hig | 0.52 | 7.5 | 0.10 | Jul 18, 2025 | An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` API. | ||
| CVE-2025-7360 | Cri | 0.52 | 9.1 | 0.01 | Jul 15, 2025 | The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handle_files_upload() function in all versions up to, and including, 2.2.1. This… | ||
| CVE-2025-32018 | Hig | 0.52 | 8.0 | 0.00 | Apr 8, 2025 | Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either… | ||
| CVE-2025-30567 | Hig | 0.52 | 7.5 | 0.03 | Mar 25, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP01 WP01 wp01 allows Path Traversal.This issue affects WP01: from n/a through <= 2.6.2. | ||
| CVE-2024-5752 | Cri | 0.52 | 9.1 | 0.01 | Mar 20, 2025 | A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that… | ||
| CVE-2024-11042 | Cri | 0.52 | 9.1 | 0.01 | Mar 20, 2025 | In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images/delete` is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH… | ||
| CVE-2024-52787 | Cri | 0.52 | 9.1 | 0.01 | Nov 25, 2024 | An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file. | ||
| CVE-2024-10313 | Hig | 0.52 | 8.0 | 0.00 | Oct 24, 2024 | iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal vulnerability. When the software loads a malicious ‘ems' project template file constructed by an attacker, it can write files to arbitrary directories. This can lead to overwriting system files, … | ||
| CVE-2024-39621 | Hig | 0.52 | 8.0 | 0.01 | Aug 1, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4. | ||
| CVE-2024-4315 | Cri | 0.52 | 9.1 | 0.01 | Jun 12, 2024 | parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory… | ||
| CVE-2024-31232 | Hig | 0.52 | 8.0 | 0.01 | May 17, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1. | ||
| CVE-2023-5938 | Hig | 0.52 | 8.0 | 0.01 | May 15, 2024 | Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to… | ||
| CVE-2024-28335 | Cri | 0.52 | 9.1 | 0.01 | Mar 27, 2024 | Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the… | ||
| CVE-2024-24591 | — | Hig | 0.52 | 8.0 | 0.01 | Feb 6, 2024 | A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with. | |
| CVE-2023-6021 | — | Hig | 0.52 | 7.5 | 0.37 | Nov 16, 2023 | LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-… | |
| CVE-2023-35169 | — | Cri | 0.52 | 9.0 | 0.03 | Jun 23, 2023 | PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a… | |
| CVE-2020-36566 | Cri | 0.52 | 9.1 | 0.01 | Dec 27, 2022 | Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | ||
| CVE-2020-36561 | — | Cri | 0.52 | 9.1 | 0.01 | Dec 27, 2022 | Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | |
| CVE-2020-36560 | — | Cri | 0.52 | 9.1 | 0.01 | Dec 27, 2022 | Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | |
| CVE-2018-25046 | — | Cri | 0.52 | 9.1 | 0.01 | Dec 27, 2022 | Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. |
- risk 0.52cvss 7.5epss 0.10
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` API.
- risk 0.52cvss 9.1epss 0.01
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handle_files_upload() function in all versions up to, and including, 2.2.1. This…
- risk 0.52cvss 8.0epss 0.00
Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either…
- risk 0.52cvss 7.5epss 0.03
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP01 WP01 wp01 allows Path Traversal.This issue affects WP01: from n/a through <= 2.6.2.
- risk 0.52cvss 9.1epss 0.01
A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that…
- risk 0.52cvss 9.1epss 0.01
In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images/delete` is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH…
- risk 0.52cvss 9.1epss 0.01
An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file.
- risk 0.52cvss 8.0epss 0.00
iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal vulnerability. When the software loads a malicious ‘ems' project template file constructed by an attacker, it can write files to arbitrary directories. This can lead to overwriting system files, …
- risk 0.52cvss 8.0epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4.
- risk 0.52cvss 9.1epss 0.01
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory…
- risk 0.52cvss 8.0epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1.
- risk 0.52cvss 8.0epss 0.01
Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to…
- risk 0.52cvss 9.1epss 0.01
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the…
- risk 0.52cvss 8.0epss 0.01
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.
- risk 0.52cvss 7.5epss 0.37
LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-…
- risk 0.52cvss 9.0epss 0.03
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a…
- risk 0.52cvss 9.1epss 0.01
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
- risk 0.52cvss 9.1epss 0.01
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
- risk 0.52cvss 9.1epss 0.01
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
- risk 0.52cvss 9.1epss 0.01
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.