VYPR

CWE-23

Relative Path Traversal

Base · Draft

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-139 · CAPEC-76

CVEs mapped to this weakness (193)

page 1 of 10
  • CVE-2024-27199 · High · KEV · Mar 4, 2024
    risk 0.73 · cvss 7.3 · epss 1.00

    In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

  • CVE-2023-6825 · Critical · Mar 13, 2024
    risk 0.70 · cvss 9.9 · epss 0.06

    The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function.…

  • CVE-2026-8326 · Critical · May 29, 2026
    risk 0.65 · cvss n/a · epss 0.00

    Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection.  Depending on implementation, the vulnerability…

  • CVE-2023-3941 · Critical · May 21, 2024
    risk 0.65 · cvss 10.0 · epss 0.01

    Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the…

  • CVE-2012-6069 · Critical · Jan 21, 2013
    risk 0.65 · cvss 10.0 · epss 0.03

    The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the …

  • CVE-2025-62878 · Critical · Feb 25, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.

  • CVE-2025-3365 · Critical · Jun 6, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    A missing protection against path traversal allows access to any file on the server.

  • CVE-2025-23410 · Critical · Mar 5, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types.

  • CVE-2017-9664 · Critical · May 24, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP…

  • CVE-2025-41268 · Critical · May 29, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines.

  • CVE-2026-41551 · Critical · May 12, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device.

  • CVE-2025-20059 · Critical · Feb 20, 2025
    risk 0.59 · cvss 9.1 · epss 0.01

    Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection. This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9.

  • CVE-2026-33494 · Critical · Mar 26, 2026
    risk 0.58 · cvss 10.0 · epss 0.01

    ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path…

  • CVE-2025-52207 · Critical · Jun 27, 2025
    risk 0.58 · cvss 9.9 · epss 0.01

    PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.

  • CVE-2017-0918 · High · Mar 21, 2018
    risk 0.58 · cvss 8.8 · epss 0.05

    Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.

  • CVE-2026-42196 · Critical · May 12, 2026
    risk 0.57 · cvss n/a · epss 0.01

    django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load…

  • CVE-2025-62498 · High · Oct 23, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.

  • CVE-2025-7619 · High · Jul 14, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability. If a user visits a malicious website while the application is running, remote attackers can write arbitrary files to any path and potentially lead to arbitrary code…

  • CVE-2024-3497 · High · Jun 14, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    Path traversal vulnerability in the web server of the Toshiba printer enables an attacker to overwrite original files or add new ones to the printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2024-33615 · High · May 15, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.