VYPR

CWE-23

Relative Path Traversal

Abstraction: Base · Status: Draft

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-139 · CAPEC-76

CVEs mapped to this weakness (193)

page 6 of 10
  • CVE-2023-23391 · Medium · Mar 14, 2023
    risk 0.36 · CVSS 5.5 · EPSS 0.01

    Office for Android Spoofing Vulnerability

  • CVE-2026-39378 · Medium · Apr 21, 2026
    risk 0.35 · CVSS 6.5 · EPSS 0.00

    The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references.…

  • CVE-2025-8464 · Medium · Aug 16, 2025
    risk 0.35 · CVSS 5.3 · EPSS 0.01

    The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7_guest_user_id cookie. This makes it possible for unauthenticated attackers to upload and delete files…

  • CVE-2025-24343 · Medium · Apr 30, 2025
    risk 0.35 · CVSS 5.4 · EPSS 0.00

    A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request.

  • CVE-2024-9405 · Medium · Oct 1, 2024
    risk 0.35 · CVSS 5.3 · EPSS 0.00

    An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or…

  • CVE-2024-34712 · Medium · May 14, 2024
    risk 0.35 · CVSS 6.5 · EPSS 0.01

    Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as `Client.rest.channels.removeBan` is not url-encoded, resulting in specially crafted input such as `../../../channels/{id}` being normalized into the url…

  • CVE-2025-13199 · Medium · Nov 15, 2025
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown function of the file signup.cpp. The manipulation of the argument Username results in path traversal: '../filedir'. The attack is only possible with local access. The exploit has been…

  • CVE-2025-1086 · Medium · Feb 7, 2025
    risk 0.34 · CVSS 5.3 · EPSS 0.01

    A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has…

  • CVE-2026-10074 · Medium · May 29, 2026
    risk 0.32 · CVSS 4.9 · EPSS 0.00

    DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files.

  • CVE-2026-31927 · Medium · Apr 17, 2026
    risk 0.32 · CVSS 4.9 · EPSS 0.00

    Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug-setting changes.

  • CVE-2025-32137 · Medium · Apr 4, 2025
    risk 0.32 · CVSS 4.9 · EPSS 0.01

    Relative Path Traversal vulnerability in Cristián Lávaque s2Member s2member allows Path Traversal. This issue affects s2Member: from n/a through <= 250419.

  • CVE-2024-3122 · Medium · Jul 1, 2024
    risk 0.32 · CVSS 4.9 · EPSS 0.01

    CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary files on the system.

  • CVE-2024-22398 · Medium · Mar 14, 2024
    risk 0.32 · CVSS 4.9 · EPSS 0.01

    An Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance…

  • CVE-2026-24909 · Medium · Jan 27, 2026
    risk 0.31 · CVSS 5.9 · EPSS 0.00

    vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction.

  • CVE-2025-64714 · Medium · Nov 13, 2025
    risk 0.31 · CVSS 5.8 · EPSS 0.00

    PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If `templateselection` is enabled in the configuration,…

  • CVE-2018-5448 · Medium · May 4, 2018
    risk 0.31 · CVSS 4.8 · EPSS 0.01

    Medtronic 2090 CareLink Programmer's software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system.

  • CVE-2025-2961 · Medium · Mar 30, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    A vulnerability classified as problematic was found in opensolon up to 3.1.0. This vulnerability affects the function render_mav of the file /aa of the component org.noear.solon.core.handle.RenderManager. The manipulation of the argument template with the input…

  • CVE-2025-0225 · Medium · Jan 5, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the argument name leads to…

  • CVE-2024-13130 · Medium · Jan 5, 2025
    risk 0.28 · CVSS 4.3 · EPSS 0.01

    A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The…

  • CVE-2024-12897 · Medium · Dec 23, 2024
    risk 0.28 · CVSS 4.3 · EPSS 0.00

    A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path…