VYPR

CWE-23

Relative Path Traversal

Abstraction: Base · Status: Draft

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-139 · CAPEC-76

CVEs mapped to this weakness (193)

page 4 of 10
  • CVE-2025-52922 · High · Jun 23, 2025
    risk 0.48 · cvss 7.4 · epss 0.00

    Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: (1) fully map the filesystem structure via the /api/file_manager/files?base_folder= endpoint, (2) create arbitrary…

  • CVE-2026-7404 · High · Apr 29, 2026
    risk 0.47 · cvss 7.3 · epss 0.01

    A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument detail causes relative path traversal. It…

  • CVE-2026-32725 · High · Mar 31, 2026
    risk 0.47 · cvss 8.3 · epss 0.01

    SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before…

  • CVE-2025-55752 · High · Oct 27, 2025
    risk 0.47 · cvss 7.5 · epss 0.67

    Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the …

  • CVE-2025-27791 · High · Apr 15, 2025
    risk 0.47 · cvss (not listed) · epss 0.00

    Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to…

  • CVE-2025-2007 · High · Apr 1, 2025
    risk 0.47 · cvss 8.1 · epss 0.01

    The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers,…

  • CVE-2026-34026 · High · Jun 15, 2026
    risk 0.46 · cvss (not listed) · epss 0.00

    Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without…

  • CVE-2026-48569 · High · Jun 9, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

  • CVE-2026-48126 · High · May 26, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request handler resolves the served directory by joining the configured --dir with the…

  • CVE-2026-22070 · High · Apr 30, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.

  • CVE-2026-39307 · High · Apr 7, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    PraisonAI is a multi-agent teams system. Prior to 1.5.113, the PraisonAI templates installation feature is vulnerable to a "Zip Slip" arbitrary file write attack. When downloading and extracting template archives from external sources (e.g., GitHub), the application uses…

  • CVE-2025-24350 · High · Apr 30, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request.

  • CVE-2024-12019 · High · Mar 14, 2025
    risk 0.46 · cvss (not listed) · epss 0.00

    The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with ‘read’ and ‘download’ privileges on at least one existing document in the…

  • CVE-2024-32005 · High · Apr 12, 2024
    risk 0.46 · cvss 8.2 · epss 0.01

    NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceGUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result, any file on the backend filesystem which the…

  • CVE-2026-8209 · Medium · May 9, 2026
    risk 0.45 · cvss (not listed) · epss 0.00

    Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DoS: when extraction of web application PHP files is attempted, the failed .zip extraction results in deletion of the file and a DoS condition. Successful exploitation requires Teacher or higher…

  • CVE-2026-33435 · High · Apr 15, 2026
    risk 0.45 · cvss 8.0 · epss 0.01

    Weblate is a web-based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files, which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable…

  • CVE-2024-2461 · Medium · Jun 11, 2024
    risk 0.45 · cvss (not listed) · epss 0.01

    If exploited, an attacker could traverse the file system to access files or directories that would otherwise be inaccessible.

  • CVE-2026-39814 · Medium · Apr 14, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, and FortiWeb 7.0.10 through 7.0.12 may allow an attacker to execute unauthorized code or commands via <insert…

  • CVE-2025-58456 · Medium · Oct 23, 2025
    risk 0.44 · cvss 6.8 · epss 0.01

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine.

  • CVE-2025-59341 · High · Sep 17, 2025
    risk 0.43 · cvss (not listed) · epss 0.02

    esm.sh is a no-build content delivery network (CDN) for modern web development. In version 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the server to read and return files from the host…