VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Abstraction: Base · Status: Stable · Likelihood of exploit: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
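The description above is the whole weakness in one sentence; the following added example (written for this entry, not taken from any product listed on the page) shows what "does not properly neutralize special elements" looks like in a file-serving helper, beside a hardened version that canonicalizes the path and checks containment. The base directory, the files it contains and the request strings are constructed for the demonstration.

```python
# Added example for this CWE entry (not code from any product listed on the
# page): a file-serving helper written the CWE-22 way next to a hardened
# version.  The base directory, files and request strings are constructed
# here for the demonstration.
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def serve_vulnerable(base: str, requested: str) -> str:
    """CWE-22 pattern: trusts `requested` to stay beneath `base`.

    Two escapes are visible:
      * "../" segments walk out of `base` after os.path.join;
      * an absolute `requested` makes os.path.join drop `base` entirely,
        e.g. os.path.join("/srv/files", "/etc/passwd") == "/etc/passwd".
    normpath only tidies the string; it is not a security check.
    """
    return os.path.normpath(os.path.join(base, requested))


def serve_hardened(base: str, requested: str) -> Path:
    """Canonicalize the candidate (symlinks included) and reject it unless
    it is strictly inside the canonicalized base directory.

    Because the check runs on the resolved path, "..", percent-encoded dots,
    absolute paths and symlinks pointing out of `base` are all caught.
    The input is percent-decoded exactly once (a web front end normally
    hands a handler the decoded form); decoding again here would reopen
    the double-encoding bypass of CAPEC-64.
    """
    root = Path(base).resolve()
    candidate = (root / unquote(requested)).resolve()
    if root not in candidate.parents:
        raise PermissionError(f"path escapes restricted directory: {requested!r}")
    return candidate


def demo() -> dict:
    """Run both helpers over constructed payloads against a temporary base
    directory holding one public file and one symlink that escapes the
    directory.  Returns {payload: (vulnerable_result, hardened_result)}."""
    base = tempfile.mkdtemp(prefix="cwe22-")
    Path(base, "docs").mkdir()
    Path(base, "docs", "readme.txt").write_text("public\n")

    payloads = [
        "docs/readme.txt",            # legitimate request
        "../../../../etc/passwd",     # relative traversal (CWE-23)
        "/etc/passwd",                # absolute path (CWE-36)
        "%2e%2e/%2e%2e/etc/passwd",   # percent-encoded dots (CAPEC-79)
    ]
    try:
        Path(base, "rootlink").symlink_to(os.sep)   # symlink to "/"
        payloads.append("rootlink/etc/passwd")      # escapes with no ".." at all
    except OSError:
        pass  # symlinks unavailable (for example unprivileged Windows)

    results = {}
    for p in payloads:
        vulnerable = serve_vulnerable(base, unquote(p))
        try:
            hardened = str(serve_hardened(base, p))
        except PermissionError:
            hardened = "REJECTED"
        results[p] = (vulnerable, hardened)
    return results


if __name__ == "__main__":
    for payload, (bad, good) in demo().items():
        print(f"{payload!r:32} vulnerable -> {bad}")
        print(f"{'':32} hardened   -> {good}")
```

The symlink payload is the one worth noticing: the vulnerable helper returns a string that begins with the base directory, so a naive `startswith(base)` comparison would approve it, yet the file actually opened is `/etc/passwd`. Containment has to be tested on the resolved path (`root in candidate.parents` here; `Path.is_relative_to` does the same on Python 3.9 and later), not on the string the caller assembled.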

Hierarchy (View 1000)

Parents

CWE-706 · Use of Incorrectly-Resolved Name or Reference

Children

CWE-23 · Relative Path Traversal
CWE-36 · Absolute Path Traversal

Related attack patterns (CAPEC)

CAPEC-126 (Path Traversal) · CAPEC-64 (Using Slashes and URL Encoding Combined to Bypass Validation Logic) · CAPEC-76 (Manipulating Web Input to File System Calls) · CAPEC-78 (Using Escaped Slashes in Alternate Encoding) · CAPEC-79 (Using Slashes in Alternate Encoding)

CVEs mapped to this weakness (5,488 total; page 48 of 275 shown)
  • CVE-2026-6381 · High · May 18, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks.

  • CVE-2018-25326 · High · May 17, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype…

  • CVE-2018-25325 · High · May 17, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX action. Attackers can craft POST requests with directory traversal sequences in…

  • CVE-2021-47977 · High · May 16, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicator_download action via…

  • CVE-2026-41552 · High · May 15, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This…

  • CVE-2026-6403 · High · May 15, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckply_zip_theme() function, which appends a user-controlled 'stylesheet' parameter directly to the theme root…

  • CVE-2026-44522 · High · May 14, 2026
    risk 0.49 · CVSS not listed · EPSS 0.01

    Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/{noteID}/assets, where the asset filename is provided through the X-Name HTTP request header.…

  • CVE-2020-37219 · High · May 13, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files…

  • CVE-2025-65418 · High · May 11, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url.

  • CVE-2026-41690 · High · May 8, 2026
    risk 0.49 · CVSS 8.6 · EPSS 0.00

    i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object.prototype in the Node.js process hosting the middleware, via two unvalidated…

  • CVE-2026-43533 · High · May 5, 2026
    risk 0.49 · CVSS 8.6 · EPSS 0.00

    OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local…

  • CVE-2022-50992 · High · Apr 30, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the…

  • CVE-2026-42520 · High · Apr 29, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code…

  • CVE-2026-30351 · High · Apr 27, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences.

  • CVE-2026-6903 · High · Apr 23, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system…

  • CVE-2026-40062 · High · Apr 23, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    A path traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated attacker may obtain sensitive information from the operating system.

  • CVE-2026-4659 · High · Apr 17, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative() and urlToPath()…

  • CVE-2026-30996 · High · Apr 15, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request.

  • CVE-2026-35204 · High · Apr 9, 2026
    risk 0.49 · CVSS 8.6 · EPSS 0.00

    Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the…

  • CVE-2026-35615 · High · Apr 7, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .. sequences, then checks for '..' in normalized. Since .. is already collapsed, the check always passes. This makes the check completely useless and…
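The last entry describes a validator that normalizes first and only then looks for `..`, so the check can never fire. The added example below (written for this page, not PraisonAI's code) reproduces that ordering with a hypothetical `validate_broken`, then contrasts the minimal reorder (check the raw input before normalizing) with a containment check on the normalized result. `BASE`, the payloads and the function names are constructed; the example uses `posixpath` so it is a pure string exercise with no filesystem access, which also means it does not cover symlinks (that needs a resolved-path check).

```python
# Added example for this page (not PraisonAI's code): the normalize-then-check
# ordering bug from the last CVE entry, reproduced on a constructed base
# directory, beside two orderings that do work.  posixpath is used so the
# demonstration is platform-independent and touches no real files.
import posixpath

BASE = "/srv/app/workspace"   # constructed restricted directory


def validate_broken(user_path: str) -> str:
    """Normalize first, then look for '..'.  normpath has already collapsed
    the traversal segments, so the substring test is always false and every
    input passes (the pattern the CVE entry describes)."""
    normalized = posixpath.normpath(posixpath.join(BASE, user_path))
    if ".." in normalized:
        raise ValueError("traversal attempt")
    return normalized


def validate_check_first(user_path: str) -> str:
    """Minimal reorder: reject '..' segments in the raw input BEFORE
    normalizing.  Stops relative traversal, but an absolute input still
    makes posixpath.join discard BASE, so this alone is not enough.  Any
    URL decoding must already have happened before this point."""
    if ".." in user_path.replace("\\", "/").split("/"):
        raise ValueError("traversal attempt")
    return posixpath.normpath(posixpath.join(BASE, user_path))


def validate_contained(user_path: str) -> str:
    """Normalize, then require the result to lie under BASE.  commonpath
    compares whole segments, so a sibling directory whose name merely
    starts with BASE ("/srv/app/workspace2") is rejected as well, which a
    plain str.startswith(BASE) would not do."""
    normalized = posixpath.normpath(posixpath.join(BASE, user_path))
    if posixpath.commonpath([BASE, normalized]) != BASE:
        raise ValueError("path escapes base")
    return normalized


PAYLOADS = [
    "notes/a.md",             # legitimate
    "../../etc/passwd",       # relative traversal
    "/etc/passwd",            # absolute path: posixpath.join drops BASE
    "../workspace2/secret",   # sibling directory with BASE as a string prefix
]


def run_all() -> dict:
    """Return {validator_name: {payload: accepted_path_or_'REJECTED'}} so the
    three behaviours can be compared side by side."""
    out = {}
    for fn in (validate_broken, validate_check_first, validate_contained):
        out[fn.__name__] = {}
        for p in PAYLOADS:
            try:
                out[fn.__name__][p] = fn(p)
            except ValueError:
                out[fn.__name__][p] = "REJECTED"
    return out


if __name__ == "__main__":
    for name, rows in run_all().items():
        print(name)
        for payload, result in rows.items():
            print(f"  {payload!r:26} -> {result}")
```

Running it shows `validate_broken` handing back `/srv/etc/passwd` and `/etc/passwd` without complaint, `validate_check_first` stopping the `..` payloads but still returning `/etc/passwd`, and only `validate_contained` rejecting all three escapes while accepting `notes/a.md`.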