VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 85 of 275
  • CVE-2024-26292HigJul 14, 2025
    risk 0.46cvss epss 0.00

    An authenticated Arbitrary File Deletion vulnerability enables an attacker to delete critical files. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.

  • CVE-2025-34508MedJun 17, 2025
    risk 0.46cvss 6.3epss 0.62

    A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo users, retrieve files on the host system, or cause a denial of service.

  • CVE-2025-3445HigApr 13, 2025
    risk 0.46cvss 8.1epss 0.00

    A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or application utilizing the library. When using…

  • CVE-2025-2636HigApr 11, 2025
    risk 0.46cvss 8.1epss 0.10

    The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and…

  • CVE-2025-27147HigMar 25, 2025
    risk 0.46cvss 8.2epss 0.00

    The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access…

  • CVE-2024-9597HigMar 20, 2025
    risk 0.46cvss 7.1epss 0.00

    A Path Traversal vulnerability exists in the `/wipe_database` endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. The vulnerability arises from improper validation of the `key` parameter, which is used to construct file paths. An…

  • CVE-2024-8060HigMar 20, 2025
    risk 0.46cvss 8.1epss 0.01

    OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. The application performs insufficient validation on the `file.content_type` and allows user-controlled filenames, leading to a path…

  • CVE-2024-12216HigMar 20, 2025
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts `tar.gz` files from URLs without proper sanitization, making it susceptible to a TarSlip…

  • CVE-2025-24888HigFeb 13, 2025
    risk 0.46cvss 8.1epss 0.01

    The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to version 0.14.1, a malicious SecureDrop Server could obtain code execution on the SecureDrop Client virtual machine…

  • CVE-2025-1022HigFeb 5, 2025
    risk 0.46cvss 8.2epss 0.00

    Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing…

  • CVE-2024-38819HigDec 19, 2024
    risk 0.46cvss 7.5epss 0.55

    Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the…

  • CVE-2024-10516HigDec 6, 2024
    risk 0.46cvss 8.1epss 0.06

    The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing…

  • CVE-2024-10220HigNov 22, 2024
    risk 0.46cvss 8.1epss 0.03

    The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.

  • CVE-2024-21799HigNov 13, 2024
    risk 0.46cvss 7.1epss 0.01

    Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-10005HigOct 30, 2024
    risk 0.46cvss 8.1epss 0.01

    A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

  • CVE-2024-10011HigOct 25, 2024
    risk 0.46cvss 8.1epss 0.01

    The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the…

  • CVE-2021-27916HigSep 17, 2024
    risk 0.46cvss 8.1epss 0.01

    Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or…

  • CVE-2024-47049HigSep 17, 2024
    risk 0.46cvss 8.2epss 0.01

    The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.

  • CVE-2024-45388HigSep 2, 2024
    risk 0.46cvss 7.5epss 0.56

    Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker…

  • CVE-2024-43395HigAug 16, 2024
    risk 0.46cvss 8.2epss 0.00

    CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files…