VYPR

CWE-24

Path Traversal: '../filedir'

Abstraction: Variant
Status: Incomplete

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (37)

  • CVE-2026-39813 (Critical, Apr 14, 2026)
    risk 0.64 | CVSS 9.8 | EPSS 0.17

    A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5 and FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privilege via

  • CVE-2023-6699 (Critical, Jan 11, 2024)
    risk 0.59 | CVSS 9.1 | EPSS 0.01

    The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the…

  • CVE-2025-60344 (High, Oct 21, 2025)
    risk 0.56 | CVSS 8.6 | EPSS 0.10

    A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution (e.g., via sequences such as "../"). Successful exploitation may allow access…

  • CVE-2026-49103 (Critical, May 27, 2026)
    risk 0.54 | CVSS n/a | EPSS 0.00

    Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.

  • CVE-2023-53691 (High, Oct 22, 2025)
    risk 0.54 | CVSS 8.3 | EPSS 0.01

    Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025.

  • CVE-2026-28427 (High, Mar 4, 2026)
    risk 0.49 | CVSS 7.5 | EPSS 0.00

    OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does not properly sanitize path components. By including ../ sequences in the request path, an attacker can traverse outside…

  • CVE-2026-40318 (High, Apr 16, 2026)
    risk 0.48 | CVSS 8.5 | EPSS 0.00

    SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject…

  • CVE-2025-57618 (High, Oct 14, 2025)
    risk 0.48 | CVSS 7.3 | EPSS 0.01

    A path traversal vulnerability in FastX3 through 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web…

  • CVE-2026-22810 (High, May 18, 2026)
    risk 0.46 | CVSS 8.2 | EPSS 0.00

    Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the…

  • CVE-2025-57563 (Medium, Oct 14, 2025)
    risk 0.42 | CVSS 6.5 | EPSS 0.00

    A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files.

  • CVE-2025-59049 (High, Sep 10, 2025)
    risk 0.42 | CVSS 7.5 | EPSS 0.02

    Mockoon provides a way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving that follows the approach presented in the documentation page, where the server filename is generated from user input via templating features, is vulnerable…

  • CVE-2025-48050 (High, May 15, 2025)
    risk 0.42 | CVSS 7.5 | EPSS 0.00

    In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a…

  • CVE-2026-41082 (High, Apr 16, 2026)
    risk 0.40 | CVSS 7.3 | EPSS 0.00

    In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

  • CVE-2025-47423 (Medium, May 7, 2025)
    risk 0.38 | CVSS 5.8 | EPSS 0.02

    Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the server's private SSL key in cleartext.

  • CVE-2026-33431 (Medium, Apr 20, 2026)
    risk 0.35 | CVSS 6.5 | EPSS 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config//show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is…

  • CVE-2024-3218 (Medium, Apr 3, 2024)
    risk 0.35 | CVSS 5.4 | EPSS 0.01

    A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects an unknown part of the file /php/busyscreenshotpush.php. The manipulation of the argument jsondata[callee]/jsondata[imagename] leads to path…

  • CVE-2025-13199 (Medium, Nov 15, 2025)
    risk 0.34 | CVSS 5.3 | EPSS 0.00

    A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown function of the file signup.cpp. The manipulation of the argument Username results in path traversal: '../filedir'. The attack is only possible with local access. The exploit has been…

  • CVE-2025-1086 (Medium, Feb 7, 2025)
    risk 0.34 | CVSS 5.3 | EPSS 0.01

    A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has…

  • CVE-2025-59342 (Medium, Sep 17, 2025)
    risk 0.32 | CVSS n/a | EPSS 0.03

    esm.sh is a no-build content delivery network (CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage location. The header value…

  • CVE-2024-43035 (Medium, Mar 5, 2026)
    risk 0.31 | CVSS 5.8 | EPSS 0.02

    Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1.