VYPR

CWE-23

Relative Path Traversal

Base · Draft

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
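A worked illustration of the description, added here as an example (it is not code from CWE or from any product listed on this page): a download handler that joins external input onto a fixed directory, the frequent half-fix that compares canonical paths as string prefixes, and a containment check made by path components after resolution. The directory layout, file contents and function names are constructed for the example.

```python
import atexit
import os
import shutil
import tempfile
from pathlib import Path

# Constructed sandbox standing in for the restricted directory: a temporary
# tree holding the served directory, a sibling whose name shares its prefix,
# and a file one level above it. Nothing here comes from a real product.
BASE = tempfile.mkdtemp(prefix="cwe23-")
atexit.register(shutil.rmtree, BASE, ignore_errors=True)
DOWNLOADS = os.path.join(BASE, "downloads")
os.makedirs(DOWNLOADS)
os.makedirs(os.path.join(BASE, "downloads_private"))
for rel, text in (
    ("downloads/report.txt", "quarterly report\n"),
    ("downloads_private/keys.txt", "private key\n"),
    ("secret.txt", "db password\n"),
):
    with open(os.path.join(BASE, rel), "w") as f:
        f.write(text)

# Absolute spelling of the file outside the base, used as a payload below.
ABS_SECRET = os.path.join(BASE, "secret.txt")


def read_vulnerable(file_name: str) -> str:
    """CWE-23 as described: external input joined onto the base directory with
    nothing neutralising '..'. os.path.join also lets an absolute file_name
    replace the base entirely."""
    with open(os.path.join(DOWNLOADS, file_name)) as f:
        return f.read()


def read_prefix_check(file_name: str) -> str:
    """Frequent half-fix: canonicalise, then compare as strings. It stops '..'
    but still admits a sibling directory whose name begins with the base's
    name, because 'downloads_private' starts with 'downloads'."""
    base = os.path.realpath(DOWNLOADS)
    full = os.path.realpath(os.path.join(DOWNLOADS, file_name))
    if not full.startswith(base):
        raise PermissionError(file_name)
    with open(full) as f:
        return f.read()


def read_hardened(file_name: str) -> str:
    """Resolve both paths (following symlinks) and require the base to be one
    of the target's ancestors, compared component by component rather than
    as a string prefix. Absolute input resolves outside and is rejected."""
    base = Path(DOWNLOADS).resolve()
    full = (base / file_name).resolve()
    if base not in full.parents:
        raise PermissionError(file_name)
    return full.read_text()


def rejects(reader, file_name: str) -> bool:
    """True if the reader refuses the name on containment grounds."""
    try:
        reader(file_name)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    for name in ("report.txt", "../secret.txt",
                 "../downloads_private/keys.txt", ABS_SECRET):
        verdicts = [rejects(r, name) for r in
                    (read_vulnerable, read_prefix_check, read_hardened)]
        print(f"{name!r}: rejected by (vulnerable, prefix, hardened) = {verdicts}")
```

The prefix check is the one to look for in code review: it appears to canonicalise correctly, and every `..` payload fails against it, yet `../downloads_private/keys.txt` passes because the comparison never asks whether the base is a whole path component of the target.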

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-139 · CAPEC-76

CVEs mapped to this weakness (193)

page 7 of 10
  • CVE-2024-2318 · Med · Mar 8, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input…

  • CVE-2025-66386 · Med · Nov 28, 2025
    risk 0.27 · cvss 4.1 · epss 0.00

    app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.

  • CVE-2025-60023 · Med · Oct 23, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.

  • CVE-2025-59776 · Med · Oct 23, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.

  • CVE-2014-8883 · Med · Aug 31, 2020
    risk 0.26 · cvss n/a · epss 0.01

    All versions of the static file server module nhouston are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory. Recommendation: It is recommended that a different module be used, as we have been unable…

  • CVE-2020-5410 · KEV · Jun 2, 2020
    risk 0.23 · cvss n/a · epss 0.96

    Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a…

  • CVE-2026-42085 · Med · May 4, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at…

  • CVE-2025-1584 · Med · Feb 23, 2025
    risk 0.21 · cvss 4.3 · epss 0.01

    A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. This vulnerability affects unknown code of the file solon-projects/solon-web/solon-web-staticfiles/src/main/java/org/noear/solon/web/staticfiles/StaticMappings.java. The manipulation leads to…

  • CVE-2025-55013 · Med · Aug 9, 2025
    risk 0.20 · cvss 4.2 · epss 0.01

    The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value returned by the service server and uses it…

  • CVE-2026-1762 · Low · Feb 10, 2026
    risk 0.19 · cvss 2.9 · epss 0.00

    A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation. This issue affects Enervista: 8.6 and prior versions.

  • CVE-2023-42456 · Low · Sep 21, 2023
    risk 0.14 · cvss 3.3 · epss 0.01

    Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the…

  • CVE-2026-21620 · Low · Feb 20, 2026
    risk 0.08 · cvss n/a · epss 0.00

    Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program…

  • CVE-2020-5405 · Mar 5, 2020
    risk 0.07 · cvss n/a · epss 0.69

    Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a…

  • CVE-2020-5284 · Mar 30, 2020
    risk 0.06 · cvss n/a · epss 0.43

    Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets…

  • CVE-2012-5972 · Jan 17, 2013
    risk 0.03 · cvss n/a · epss 0.05

    Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.

  • CVE-2026-10720 · Jun 19, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster…

  • CVE-2026-47680 · Jun 5, 2026
    risk 0.00 · cvss n/a · epss 0.00

    ### Impact An actor with the ability to influence the contents of a bucket referenced by a `Bucket` resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by…

  • CVE-2026-29778 · Mar 7, 2026
    risk 0.00 · cvss n/a · epss 0.01

    pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package() function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of…

  • CVE-2026-28459 · Mar 5, 2026
    risk 0.00 · cvss n/a · epss 0.00

    OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create…

  • CVE-2026-25951 · Feb 9, 2026
    risk 0.00 · cvss n/a · epss 0.01

    FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal…
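Two entries on this page, CVE-2026-29778 (single-pass string replacement in pyLoad) and CVE-2026-25951 (nested traversal sequences in FUXA), describe the same failure mode: the input is "sanitized" by stripping `../` instead of being checked for where the resulting path lands. The following is an added example, not code from either project; the payloads are constructed, and `strip_once`, `strip_until_stable` and `escapes_base` are illustrative names.

```python
import os

# Constructed payloads, each a different spelling of "leave the base directory"
# plus one legitimate name that merely contains '..' on its way back in.
PAYLOADS = [
    "../../etc/passwd",           # plain traversal
    "....//....//etc/passwd",     # nested: removing "../" once rebuilds "../"
    "/etc/passwd",                # absolute path, no ".." at all
    "reports/../../etc/passwd",   # descends first, then climbs out
    "safe/../report.txt",         # legitimate: ends up inside the base
]


def strip_once(user_path: str) -> str:
    """Single-pass removal of '../', the pattern CVE-2026-29778 describes."""
    return user_path.replace("../", "")


def strip_until_stable(user_path: str) -> str:
    """Repeat the removal until nothing changes. This survives the nesting
    trick, but stripping is still the wrong tool: it silently rewrites the
    input rather than rejecting it, and it says nothing about absolute paths."""
    while True:
        stripped = user_path.replace("../", "")
        if stripped == user_path:
            return stripped
        user_path = stripped


def escapes_base(user_path: str) -> bool:
    """Lexical containment check on the exact string the filesystem will see:
    normalise the way the OS does, then reject anything absolute or anything
    that still begins with a '..' component. Pair it with a post-realpath
    check when symlinks may exist under the base directory."""
    if os.path.isabs(user_path):
        return True
    norm = os.path.normpath(user_path)
    return norm == os.pardir or norm.startswith(os.pardir + os.sep)


def evaluate(user_path: str) -> dict:
    """Whether each approach ends up handing the filesystem a path that has
    left the base directory (True means the approach failed)."""
    return {
        "raw": escapes_base(user_path),
        "after_strip_once": escapes_base(strip_once(user_path)),
        "after_strip_until_stable": escapes_base(strip_until_stable(user_path)),
    }


if __name__ == "__main__":
    for p in PAYLOADS:
        print(f"{p!r:28} -> {evaluate(p)}")
```

The nested payload is the instructive row: as written, `....//....//etc/passwd` names a harmless directory called `....` and the containment check lets it through, but one pass of stripping turns it into `../../etc/passwd`. The sanitizer manufactures the traversal that the unmodified input never had, which is why the fix in both advisories' spirit is to resolve and check, not to rewrite.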