VYPR

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

BaseStableLikelihood: High

Description

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79

CVEs mapped to this weakness (5,488)

page 94 of 275
  • CVE-2016-1605MedAug 1, 2016
    risk 0.43cvss 6.5epss 0.04

    Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field.

  • CVE-2016-0784MedApr 11, 2016
    risk 0.43cvss 6.5epss 0.56

    Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.

  • CVE-2026-11442MedJun 13, 2026
    risk 0.42cvss 6.5epss 0.01

    Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists…

  • CVE-2026-6961HigJun 12, 2026
    risk 0.42cvss 7.6epss 0.00

    Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls a federated server to write files to…

  • CVE-2026-24717MedJun 10, 2026
    risk 0.42cvss 6.5epss 0.00

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the…

  • CVE-2026-44716HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner (src/pipecat/runner/run.py). When the runner is…

  • CVE-2026-45454MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.02

    Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-49233HigJun 8, 2026
    risk 0.42cvss 7.5epss 0.00

    Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator…

  • CVE-2026-9290HigJun 6, 2026
    risk 0.42cvss 7.5epss 0.02

    The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) function. This makes it possible for unauthenticated attackers to include and…

  • CVE-2019-25740MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2…

  • CVE-2026-49144MedJun 2, 2026
    risk 0.42cvss 6.5epss 0.00

    BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces…

  • CVE-2026-35718MedJun 2, 2026
    risk 0.42cvss 6.5epss 0.01

    A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request.

  • CVE-2026-49136HigJun 1, 2026
    risk 0.42cvss 7.5epss 0.00

    Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by…

  • CVE-2026-42679MedJun 1, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8.

  • CVE-2026-40547MedJun 1, 2026
    risk 0.42cvss epss 0.00

    SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due…

  • CVE-2018-25421MedMay 30, 2026
    risk 0.42cvss 6.5epss 0.00

    Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences…

  • CVE-2026-10108HigMay 29, 2026
    risk 0.42cvss 7.5epss 0.01

    xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_path:path} endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can…

  • CVE-2018-25393MedMay 29, 2026
    risk 0.42cvss 6.5epss 0.01

    Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads…

  • CVE-2026-49128HigMay 28, 2026
    risk 0.42cvss 7.5epss 0.01

    Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain…

  • CVE-2026-45017HigMay 28, 2026
    risk 0.42cvss 7.5epss 0.00

    Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template…