VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Base · Stable · Likelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 6 of 275
  • CVE-2026-20180 · Critical · Apr 15, 2026
    risk 0.64 · cvss 9.9 · epss 0.06

    A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin…

  • CVE-2026-22562 · Critical · Apr 13, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE). Affected Products: UniFi Play PowerAmp (Version 1.0.35 and…

  • CVE-2019-25687 · Critical · Apr 5, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious…

  • CVE-2026-30285 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-30286 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-30283 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-30278 · Critical · Mar 31, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

  • CVE-2026-4619 · Critical · Mar 27, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to write over any file via network.

  • CVE-2019-25471 · Critical · Mar 11, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into…

  • CVE-2026-2743 · Critical · Mar 5, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before.

  • CVE-2025-50857 · Critical · Feb 26, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload.

  • CVE-2025-69874 · Critical · Feb 11, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing a path traversal sequence.

  • CVE-2025-14301 · Critical · Jan 14, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function processing user-supplied file paths without authentication checks, nonce…

  • CVE-2025-62353 · Critical · Oct 17, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection.

  • CVE-2025-6439 · Critical · Oct 11, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdp_save_canvas_design_ajax' function in all versions up to, and…

  • CVE-2025-7526 · Critical · Oct 9, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion (via renaming) due to insufficient file path validation in the set_user_profile_image function in all versions up to, and including, 6.6.7. This…

  • CVE-2010-20109 · High · Aug 21, 2025
    risk 0.64 · cvss (not listed) · epss 0.01

    Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to…

  • CVE-2025-8895 · Critical · Aug 21, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it possible for unauthenticated attackers to copy arbitrary files on the affected site's server to…

  • CVE-2012-10061 · High · Aug 20, 2025
    risk 0.64 · cvss (not listed) · epss 0.01

    Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to…

  • CVE-2024-44373 · Critical · Aug 19, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.06_06 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/save_file.php.