CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 84 of 275| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34783 | Hig | 0.46 | 8.1 | 0.01 | Apr 6, 2026 | Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an… | ||
| CVE-2026-22661 | Hig | 0.46 | 8.1 | 0.00 | Apr 3, 2026 | prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers… | ||
| CVE-2026-34522 | Hig | 0.46 | 8.1 | 0.00 | Apr 2, 2026 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an… | ||
| CVE-2026-34790 | Hig | 0.46 | 7.1 | 0.01 | Apr 2, 2026 | Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory… | ||
| CVE-2026-4347 | Hig | 0.46 | 8.1 | 0.01 | Apr 2, 2026 | The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5.1.0. This makes it possible for… | ||
| CVE-2025-10559 | Hig | 0.46 | 7.1 | 0.00 | Mar 31, 2026 | A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server. | ||
| CVE-2026-32727 | Hig | 0.46 | 8.1 | 0.01 | Mar 31, 2026 | SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot (..) in the scope claim of a token to escape the intended directory restriction. This occurs… | ||
| CVE-2026-33989 | Hig | 0.46 | 8.1 | 0.00 | Mar 27, 2026 | Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output`… | ||
| CVE-2026-2033 | Hig | 0.46 | 8.1 | 0.02 | Feb 20, 2026 | MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this… | ||
| CVE-2025-13699 | Hig | 0.46 | 7.0 | 0.00 | Dec 23, 2025 | MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability… | ||
| CVE-2025-68476 | Hig | 0.46 | — | 0.00 | Dec 22, 2025 | KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault… | ||
| CVE-2025-65025 | Hig | 0.46 | 8.2 | 0.01 | Nov 19, 2025 | esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths… | ||
| CVE-2025-3465 | Hig | 0.46 | 7.1 | 0.00 | Oct 20, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSense™ HM, ABB CoreSense™ M10.This issue affects CoreSense™ HM: through 2.3.1; CoreSense™ M10: through 1.4.1.12. | ||
| CVE-2025-62156 | Hig | 0.46 | 8.1 | 0.01 | Oct 14, 2025 | Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the… | ||
| CVE-2025-43813 | Hig | 0.46 | 8.2 | 0.00 | Sep 29, 2025 | Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update… | ||
| CVE-2025-9566 | Hig | 0.46 | 8.1 | 0.01 | Sep 5, 2025 | There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can… | ||
| CVE-2025-52861 | Hig | 0.46 | — | 0.01 | Aug 29, 2025 | A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following… | ||
| CVE-2025-5391 | Hig | 0.46 | 8.1 | 0.01 | Aug 12, 2025 | The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with… | ||
| CVE-2025-7359 | Hig | 0.46 | 8.2 | 0.00 | Jul 16, 2025 | The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers… | ||
| CVE-2025-50819 | Hig | 0.46 | 7.1 | 0.00 | Jul 15, 2025 | Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687) when parsing the the topic.yml file in the generation logic in daily_arxiv.py. |
- risk 0.46cvss 8.1epss 0.01
Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an…
- risk 0.46cvss 8.1epss 0.00
prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers…
- risk 0.46cvss 8.1epss 0.00
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an…
- risk 0.46cvss 7.1epss 0.01
Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory…
- risk 0.46cvss 8.1epss 0.01
The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5.1.0. This makes it possible for…
- risk 0.46cvss 7.1epss 0.00
A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server.
- risk 0.46cvss 8.1epss 0.01
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot (..) in the scope claim of a token to escape the intended directory restriction. This occurs…
- risk 0.46cvss 8.1epss 0.00
Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output`…
- risk 0.46cvss 8.1epss 0.02
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this…
- risk 0.46cvss 7.0epss 0.00
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability…
- risk 0.46cvss —epss 0.00
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault…
- risk 0.46cvss 8.2epss 0.01
esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths…
- risk 0.46cvss 7.1epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSense™ HM, ABB CoreSense™ M10.This issue affects CoreSense™ HM: through 2.3.1; CoreSense™ M10: through 1.4.1.12.
- risk 0.46cvss 8.1epss 0.01
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the…
- risk 0.46cvss 8.2epss 0.00
Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update…
- risk 0.46cvss 8.1epss 0.01
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can…
- risk 0.46cvss —epss 0.01
A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following…
- risk 0.46cvss 8.1epss 0.01
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with…
- risk 0.46cvss 8.2epss 0.00
The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers…
- risk 0.46cvss 7.1epss 0.00
Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687) when parsing the the topic.yml file in the generation logic in daily_arxiv.py.