VYPR

CWE-29

Path Traversal: '\..\filename'

Abstraction: Variant. Status: Incomplete

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (41)

page 1 of 3
  • CVE-2024-7957 (Critical), Mar 20, 2025
    risk 0.59 | cvss 9.1 | epss 0.01

    An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the load_credentials method, where user-controlled input for realm_name and zuliprc_content is used to construct file paths…

  • CVE-2025-15036 (Critical), Mar 30, 2026
    risk 0.58 | cvss 10.0 | epss 0.01

    A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member…

  • CVE-2026-24217 (High), May 20, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

  • CVE-2024-5443 (Critical), Jun 22, 2024
    risk 0.57 | cvss 9.8 | epss 0.01

    CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension` endpoint, where a path traversal issue allows attackers to navigate beyond the…

  • CVE-2024-2356 (Critical), Feb 2, 2026
    risk 0.55 | cvss 9.6 | epss 0.01

    A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the `name` parameter of the `@router.post("/reinstall_extension")` route. This vulnerability allows attackers to inject a…

  • CVE-2024-21542 (High), Dec 10, 2024
    risk 0.49 | cvss 8.6 | epss 0.01

    Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.

  • CVE-2025-12790 (High), Nov 6, 2025
    risk 0.48 | cvss 7.4 | epss 0.00

    A flaw was found in the Ruby gem MQTT. By default, the package did not perform hostname validation, which makes a Man-in-the-Middle (MITM) attack possible.

  • CVE-2024-6139 (High), Jun 27, 2024
    risk 0.47 | cvss 7.3 | epss 0.01

    A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of…

  • CVE-2025-50185 (High), Jul 26, 2025
    risk 0.46 | cvss n/a | epss 0.00

    DbGate is a cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their…

  • CVE-2026-5627 (High), Apr 7, 2026
    risk 0.40 | cvss 7.2 | epss 0.01

    A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user input in the `loadFlow` and `deleteFlow` methods in…

  • CVE-2024-8982 (Medium), Mar 20, 2025
    risk 0.40 | cvss 6.2 | epss 0.01

    A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. This flaw could expose internal server files and potentially sensitive information such as configuration files, passwords,…

  • CVE-2025-50184 (High), Jul 26, 2025
    risk 0.39 | cvss n/a | epss 0.01

    DbGate is a cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the…

  • CVE-2026-10732 (Medium), Jun 5, 2026
    risk 0.35 | cvss 6.4 | epss 0.00

    All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the…

  • CVE-2023-6021, Nov 16, 2023
    risk 0.07 | cvss n/a | epss 0.37

    LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-…

  • CVE-2023-6038, Nov 16, 2023
    risk 0.05 | cvss n/a | epss 0.04

    A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require…

  • CVE-2025-6209, Jul 7, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the…

  • CVE-2024-8769, Mar 20, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. The `run_hash` parameter, which is user-controllable, is concatenated without normalization as part of a path used to…

  • CVE-2024-10648, Mar 20, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format of the audio file, leading to arbitrary file content deletion. By manipulating the output format, an…

  • CVE-2024-8537, Mar 20, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input…

  • CVE-2024-7033, Mar 20, 2025
    risk 0.00 | cvss n/a | epss 0.01

    In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the download_model endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations…