VYPR

CWE-26

Path Traversal: '/dir/../filename'

Abstraction: Variant · Status: Draft

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory.
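The practitioner's takeaway from that description is that a check on the shape of the input (for example, "reject anything that starts with `..`") is not enough: the traversal in `/dir/../filename` is hidden behind a legitimate-looking leading directory. The only reliable check is to build the path, normalize it, and then verify that the result is still inside the restricted directory. The following Python is an added example written for this page, not code from MITRE or from any product listed below; `BASE_DIR` and the sample inputs are constructed for illustration.

```python
import posixpath

# Constructed example: the application serves files from this directory and
# builds a path from an attacker-controlled `user_path` (e.g. a query string).
BASE_DIR = "/srv/app/uploads"


def naive_prefix_check(user_path):
    """A filter that only rejects inputs *beginning* with '..'.
    It lets 'images/../../../../etc/passwd' through: the traversal is hidden
    behind a legitimate-looking leading directory, which is exactly the
    '/dir/../filename' pattern this weakness describes."""
    return not user_path.startswith("..")


def unsafe_resolve(base, user_path):
    """Vulnerable construction: join and normalize without checking that the
    result is still under `base`. Each '..' pops a directory, including
    `base` itself and everything above it."""
    return posixpath.normpath(posixpath.join(base, user_path))


def escapes(base, user_path):
    """True when the resolved path lies outside `base`.
    The trailing '/' in the prefix test matters: without it '../uploads2/x'
    would pass, because '/srv/app/uploads2/x' starts with '/srv/app/uploads'."""
    base = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base, user_path))
    return candidate != base and not candidate.startswith(base + "/")


def safe_resolve(base, user_path):
    """Hardened construction: normalize first, then check containment.
    Absolute inputs are caught as well, because posixpath.join drops `base`
    when `user_path` starts with '/'. Against a real filesystem use
    os.path.realpath instead of normpath, so a symlink inside `base`
    cannot be used to point back outside it."""
    if escapes(base, user_path):
        raise ValueError("path escapes %s: %r" % (base, user_path))
    return posixpath.normpath(posixpath.join(base, user_path))


if __name__ == "__main__":
    # Constructed inputs: one legitimate, three hostile.
    for p in ["images/../thumbs/cat.png",
              "images/../../../../etc/passwd",
              "../uploads2/x",
              "/etc/passwd"]:
        print("%-32s naive-filter-allows=%-5s resolves-to=%-30s escapes=%s"
              % (p, naive_prefix_check(p), unsafe_resolve(BASE_DIR, p),
                 escapes(BASE_DIR, p)))
```

`posixpath` is used deliberately so the string logic is the same on every platform; it resolves `..` textually but not symlinks, which is why the hardened version recommends `os.path.realpath` when the base directory actually exists on disk.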

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (7)

  • CVE-2024-28064 (Critical), May 18, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).

  • CVE-2026-42196 (Critical), May 12, 2026
    risk 0.57 · cvss n/a · epss 0.01

    django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load…

  • CVE-2024-29466 (High), Apr 30, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.

  • CVE-2025-25295 (High), Feb 14, 2025
    risk 0.50 · cvss n/a · epss 0.01

    Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These…

  • CVE-2025-53908 (High), Jul 16, 2025
    risk 0.47 · cvss n/a · epss 0.00

    RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk…

  • CVE-2026-46747 (Medium), Jun 9, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling…

  • CVE-2024-25466 (severity not listed), Feb 16, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.