VYPR

CWE-73

External Control of File Name or Path

Abstraction: Base · Status: Draft · Likelihood of Exploit: High

Description

The product allows user input to control or influence paths or file names that are used in filesystem operations.

Hierarchy (View 1000)

Children

Related attack patterns (CAPEC)

CAPEC-13 · CAPEC-267 · CAPEC-64 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-80

CVEs mapped to this weakness (245)

page 10 of 13
  • CVE-2025-4602 · Med · May 24, 2025
    risk 0.31 · cvss 5.9 · epss 0.01

    The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the…

  • CVE-2026-40605 · Med · Jun 4, 2026
    risk 0.30 · cvss n/a · epss 0.00

    Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary…

  • CVE-2026-42424 · Med · Apr 28, 2026
    risk 0.30 · cvss 5.7 · epss 0.00

    OpenClaw before 2026.4.8 treats shared reply MEDIA paths as trusted, allowing crafted references to trigger cross-channel local file exfiltration. Attackers can exploit this by crafting malicious shared reply MEDIA references to cause another channel to read local file paths as…

  • CVE-2026-23835 · Med · Jan 30, 2026
    risk 0.30 · cvss n/a · epss 0.00

    LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in `Knowledge Base > File Upload` does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is…

  • CVE-2026-46383 · Med · May 15, 2026
    risk 0.29 · cvss 5.5 · epss 0.01

    Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes.…

  • CVE-2026-41177 · Med · Apr 22, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The application fails to validate the URI scheme of the user-supplied `Url`…

  • CVE-2025-22241 · Med · Jun 13, 2025
    risk 0.29 · cvss 5.6 · epss 0.00

    File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization…

  • CVE-2024-27175 · Med · Jun 14, 2024
    risk 0.29 · cvss 4.4 · epss 0.01

    Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference URL.

  • CVE-2026-40421 · Med · May 12, 2026
    risk 0.28 · cvss 4.3 · epss 0.01

    Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

  • CVE-2026-42593 · Med · May 14, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf…

  • CVE-2026-40086 · Med · Apr 10, 2026
    risk 0.27 · cvss 5.3 · epss 0.01

    Rembg is a tool to remove image backgrounds. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious model_path parameter,…

  • CVE-2025-12656 · Low · Jun 6, 2026
    risk 0.25 · cvss 3.8 · epss 0.00

    The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_site() function in all versions up to, and including, 0.9.128. This makes it…

  • CVE-2025-12137 · Med · Nov 1, 2025
    risk 0.25 · cvss 4.9 · epss 0.00

    The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper…

  • CVE-2025-10306 · Low · Oct 3, 2025
    risk 0.25 · cvss 3.8 · epss 0.00

    The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch() function. This makes it possible for authenticated attackers, with Administrator-level access and…

  • CVE-2025-27137 · Med · Feb 24, 2025
    risk 0.22 · cvss 4.4 · epss 0.00

    Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the `SYSTEM_CONFIGURATION` permission to customize notification templates. Templates are evaluated using the…

  • CVE-2026-0965 · Low · Mar 26, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by…

  • CVE-2025-8998 · Low · Nov 11, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account.

  • CVE-2025-12654 · Low · Dec 21, 2025
    risk 0.18 · cvss 2.7 · epss 0.00

    The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the check_filesystem_permissions() function not properly restricting the directories…

  • CVE-2025-58769 · Low · Oct 1, 2025
    risk 0.14 · cvss 3.3 · epss 0.00

    auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept…

  • CVE-2024-10492 · Low · Nov 25, 2024
    risk 0.11 · cvss 2.7 · epss 0.01

    A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example,…