VYPR

CWE-36

Absolute Path Traversal

Abstraction: Base | Status: Draft

Description

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
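The weakness described above, shown in code as an added example that is not part of this CWE entry or of any listed product: a Python path check that demonstrates why joining a restricted base directory with unvalidated input fails for absolute paths (the library join simply discards the base), beside a hardened resolver that rejects absolute input and then verifies containment after resolving symlinks and `..`. It goes slightly beyond the description by also rejecting Windows-form absolute and drive-relative paths on a POSIX host, since `os.path.isabs` only knows the host platform's convention. `BASE_DIR`, the sample inputs and the function names are constructed for the illustration.

```python
import os
import ntpath
import posixpath

# Constructed example base directory; a real deployment substitutes its own.
BASE_DIR = "/var/app/uploads"


class PathOutsideBase(ValueError):
    """Raised when a user-supplied path would resolve outside the base directory."""


def naive_join(base, user_path):
    """The weak pattern CWE-36 describes.

    os.path.join discards every earlier component as soon as it meets an
    absolute component, so an absolute user_path silently replaces base.
    """
    return os.path.join(base, user_path)


def safe_resolve(base, user_path):
    """Resolve user_path under base, or raise PathOutsideBase.

    Two layers: reject absolute input up front (POSIX and Windows forms,
    because os.path.isabs only understands the host's own convention), then
    resolve symlinks and '..' and require the result to still sit under base.
    """
    # Layer 1: absolute-path rejection. ntpath.splitdrive also catches
    # drive-relative forms such as "C:secret.txt" that isabs() lets through.
    if (posixpath.isabs(user_path)
            or ntpath.isabs(user_path)
            or ntpath.splitdrive(user_path)[0]):
        raise PathOutsideBase(f"absolute path rejected: {user_path!r}")

    # Layer 2: containment after full resolution. realpath collapses '..'
    # and follows symlinks, so a symlink inside base that points outside is
    # caught here rather than discovered at open() time.
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PathOutsideBase(f"path escapes base directory: {user_path!r}")
    return candidate


def is_contained(base, user_path):
    """Boolean convenience wrapper around safe_resolve."""
    try:
        safe_resolve(base, user_path)
        return True
    except PathOutsideBase:
        return False


if __name__ == "__main__":
    # Constructed inputs: one benign, the rest the shapes the CWE text warns about.
    samples = [
        "reports/q1.txt",
        "/etc/passwd",
        "C:\\Windows\\win.ini",
        "\\\\fileserver\\share\\secret.txt",
        "../../etc/passwd",
    ]
    for p in samples:
        verdict = "ALLOW" if is_contained(BASE_DIR, p) else "REJECT"
        print(f"{p!r:40} naive -> {naive_join(BASE_DIR, p)!r:35} safe -> {verdict}")
```

The absolute-path rejection is the fast fail for exactly the input class this CWE covers; the containment check after `realpath` is the control that actually holds, because it also covers relative traversal and symlink escapes that the first test does not see. Do the check once at the trust boundary and pass only the resolved path onward.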

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-597

CVEs mapped to this weakness (55)

page 1 of 3
  • CVE-2024-9924 | Critical | Oct 14, 2024
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers can still download arbitrary system files, which may subsequently be deleted.

  • CVE-2025-0851 | Critical | Jan 29, 2025
    risk 0.59 | CVSS 9.8 | EPSS 0.23

    A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.

  • CVE-2025-7846 | High | Oct 31, 2025
    risk 0.57 | CVSS 8.8 | EPSS 0.01

    The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields() function in all versions up to, and including, 16.7. This makes it possible for authenticated attackers, with…

  • CVE-2026-32997 | High | May 28, 2026
    risk 0.56 | CVSS n/a | EPSS 0.01

    A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server.

  • CVE-2024-33620 | High | Jun 18, 2024
    risk 0.56 | CVSS 8.6 | EPSS 0.01

    Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker.

  • CVE-2026-42315 | High | May 11, 2026
    risk 0.53 | CVSS 8.1 | EPSS 0.00

    pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_folder", there is no sanitization at all, allowing a user with Perms.MODIFY to…

  • CVE-2024-12646 | High | Dec 16, 2024
    risk 0.53 | CVSS 8.1 | EPSS 0.00

    The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could…

  • CVE-2024-12643 | High | Dec 16, 2024
    risk 0.53 | CVSS 8.1 | EPSS 0.00

    The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could…

  • CVE-2026-2753 | High | Mar 6, 2026
    risk 0.49 | CVSS 7.5 | EPSS 0.00

    An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem…

  • CVE-2024-11978 | High | Nov 29, 2024
    risk 0.49 | CVSS 7.5 | EPSS 0.01

    DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

  • CVE-2024-8497 | High | Sep 25, 2024
    risk 0.49 | CVSS 7.5 | EPSS 0.01

    Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily, which could allow an attacker to obtain administrator credentials.

  • CVE-2025-9518 | High | Sep 4, 2025
    risk 0.47 | CVSS 7.2 | EPSS 0.01

    The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debug_path' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Administrator-level access…

  • CVE-2024-48850 | High | May 22, 2025
    risk 0.47 | CVSS 7.2 | EPSS 0.00

    Absolute File Traversal vulnerabilities in ASPECT allow access to and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

  • CVE-2025-46822 | High | May 21, 2025
    risk 0.47 | CVSS n/a | EPSS 0.04

    OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability…

  • CVE-2024-12644 | High | Dec 16, 2024
    risk 0.46 | CVSS 7.1 | EPSS 0.00

    The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use…

  • CVE-2017-7929 | High | May 6, 2017
    risk 0.46 | CVSS 7.1 | EPSS 0.02

    An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.

  • CVE-2026-10044 | High | May 28, 2026
    risk 0.42 | CVSS 7.5 | EPSS 0.01

    Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/(unknown) endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or…

  • CVE-2026-4782 | Medium | May 13, 2026
    risk 0.42 | CVSS 6.5 | EPSS 0.00

    The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusion_get_svg_from_file' function with the 'custom_svg' parameter of the 'fusion_section_separator' shortcode. This makes it possible for…

  • CVE-2026-35465 | High | Apr 18, 2026
    risk 0.42 | CVSS 7.5 | EPSS 0.00

    SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine (sd-app) by…

  • CVE-2026-34515 | High | Apr 1, 2026
    risk 0.42 | CVSS 7.5 | EPSS 0.00

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about an NTLMv2 remote path. This issue has been patched in version 3.13.4.