VYPR

CWE-73

External Control of File Name or Path

Abstraction: Base · Status: Draft · Likelihood of Exploit: High

Description

The product allows user input to control or influence paths or file names that are used in filesystem operations.
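The two recurring shapes of this weakness in the listing below are a caller-controlled file name joined onto a base directory (the upload and deletion cases) and a caller-controlled identifier substituted into a path template (the i18next-fs-backend case). The following Python is an added illustration, not code from any product on this page: `vulnerable_path` shows why a plain join is not a check, `safe_join` resolves the candidate and requires containment, and `validate_segment` allowlists an identifier before it is substituted into a template. The base directory, the `locales/{lng}/{ns}.json` layout and the helper names are assumptions made for the example.

```python
import os
import re

# Hypothetical base directory for this example (not taken from any listed product).
BASE_DIR = "/srv/app/uploads"

# Allowlist for a single path *component* that is substituted into a template
# such as "<base>/locales/{lng}/{ns}.json": letters, digits, '-', '_' and '.',
# never starting with '.', so '..', '/', and NUL cannot get in.
_SEGMENT_RE = re.compile(r"^[A-Za-z0-9_-][A-Za-z0-9_.-]{0,63}$")


def vulnerable_path(user_supplied: str) -> str:
    """The weak pattern: trust the caller-controlled name and join it onto the base.

    os.path.join discards BASE_DIR when user_supplied is absolute, and '..'
    segments walk out of BASE_DIR, so the result can point anywhere.
    """
    return os.path.normpath(os.path.join(BASE_DIR, user_supplied))


def safe_join(base: str, user_supplied: str) -> str:
    """Hardened join: resolve symlinks and '..', then require containment.

    Raises ValueError when the resolved target is not inside base.
    """
    if "\x00" in user_supplied:
        raise ValueError("NUL byte in path")
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, user_supplied))
    # commonpath compares whole path components, so "/srv/app/uploads-evil/x"
    # is correctly rejected for base "/srv/app/uploads" (a str.startswith test is not).
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f"path escapes base directory: {user_supplied!r}")
    return target


def validate_segment(value: str) -> str:
    """Allowlist check for one identifier (e.g. a language or namespace code)
    that will be substituted into a filename template."""
    if not _SEGMENT_RE.fullmatch(value):
        raise ValueError(f"invalid path segment: {value!r}")
    return value


def translation_file(lng: str, ns: str) -> str:
    """Build '<BASE_DIR>/locales/<lng>/<ns>.json' from untrusted lng and ns.

    Both the allowlist and the containment check are applied: the allowlist
    rejects bad identifiers early, the containment check catches anything the
    template itself might let through.
    """
    rel = os.path.join("locales", validate_segment(lng), validate_segment(ns) + ".json")
    return safe_join(BASE_DIR, rel)


def escapes(user_supplied: str) -> bool:
    """True when safe_join rejects a name; used to compare against vulnerable_path."""
    try:
        safe_join(BASE_DIR, user_supplied)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for name in ["logo.png", "../../../etc/passwd", "/etc/passwd", "sub/../../x", "sub/../logo.png"]:
        print(f"{name!r:24} vulnerable_path -> {vulnerable_path(name):24} rejected: {escapes(name)}")
```

The same `safe_join` check belongs in front of every filesystem operation that takes the name, including unlink and rename, not only open for write: most of the entries below are deletions, and a deletion through an unchecked path removes whatever the process is allowed to remove.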

Hierarchy (View 1000)

Children

Related attack patterns (CAPEC)

CAPEC-13 · CAPEC-267 · CAPEC-64 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-80

CVEs mapped to this weakness (245)

page 6 of 13
  • CVE-2026-3892 · High · May 14, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any…

  • CVE-2026-41693 · High · May 8, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    i18next-fs-backend is a backend layer for i18next, used in Node.js and Deno, that loads translations from the filesystem. Prior to version 2.6.4, i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath / addPath templates and then read / write…

  • CVE-2026-35032 · High · Apr 14, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts), where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request…

  • CVE-2026-5053 · High · Apr 11, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2026-34783 · High · Apr 6, 2026
    risk 0.46 · cvss 8.1 · epss 0.01

    Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an…

  • CVE-2026-34522 · High · Apr 2, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an…

  • CVE-2026-33989 · High · Mar 27, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output`…

  • CVE-2026-26158 · High · Feb 11, 2026
    risk 0.46 · cvss 7.0 · epss 0.00

    A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this…
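The archive case differs from a single user-supplied name: the attacker controls every member name and link target, and a symlink member extracted first can turn an apparently in-root name extracted later into a write elsewhere. The following Python is an added illustration of the checks an extractor needs before creating anything; it is not BusyBox code and does not reproduce its fix. The sample archive is constructed in memory for the example, and `vet_members` is a hypothetical helper whose rules are purely lexical so it never has to touch the destination.

```python
import io
import os
import tarfile


def _normalize(name: str):
    """Return a clean root-relative path, or None if the name is absolute or escapes."""
    if not name or "\x00" in name or name.startswith("/"):
        return None
    norm = os.path.normpath(name)
    if norm == ".." or norm.startswith("../") or os.path.isabs(norm):
        return None
    return norm


def _parents(norm: str) -> set:
    """All proper directory prefixes of a normalized path: a/b/c -> {a, a/b}."""
    parts = norm.split("/")
    return {"/".join(parts[:i]) for i in range(1, len(parts))}


def vet_members(members):
    """Classify tar members before extraction; returns (accepted names, {name: reason}).

    Rules: no absolute or escaping names; symlink targets must stay inside the
    root when resolved relative to the link's own directory; hardlink targets
    must be an earlier accepted regular file; nothing is written through a
    symlink that this archive itself declared (even a rejected one, since a
    lenient extractor that skips bad entries must not trust what depended on
    them); device nodes are refused.
    """
    accepted, rejected = [], {}
    files, symlinks = set(), set()
    for m in members:
        norm = _normalize(m.name)
        if norm is None:
            rejected[m.name] = "absolute or escaping name"
            continue
        if _parents(norm) & symlinks:
            rejected[m.name] = "path passes through a symlink declared by this archive"
            continue
        if m.issym():
            symlinks.add(norm)
            if _normalize(os.path.join(os.path.dirname(norm), m.linkname)) is None:
                rejected[m.name] = f"symlink escapes root: {m.linkname}"
                continue
        elif m.islnk():
            target = _normalize(m.linkname)
            if target is None or target not in files:
                rejected[m.name] = f"hardlink to non-member: {m.linkname}"
                continue
        elif m.isdev():
            rejected[m.name] = "device node"
            continue
        elif m.isfile():
            files.add(norm)
        accepted.append(m.name)
    return accepted, rejected


def vet_archive(data: bytes):
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        return vet_members(tar.getmembers())


def build_sample_archive() -> bytes:
    """Constructed in-memory archive exercising each rule (not a real-world sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, data=b"x"):
            ti = tarfile.TarInfo(name)
            ti.size = len(data)
            tar.addfile(ti, io.BytesIO(data))

        def add_link(name, target, kind):
            ti = tarfile.TarInfo(name)
            ti.type = kind
            ti.linkname = target
            tar.addfile(ti)

        add_file("good/readme.txt")
        add_file("../escape.txt")                      # plain traversal
        add_file("/abs.txt")                           # absolute member name
        add_link("evil_link", "/etc", tarfile.SYMTYPE)  # link out of the root...
        add_file("evil_link/passwd")                   # ...then write through it
        add_link("inner_link", "good", tarfile.SYMTYPE)  # in-root link is fine on its own
        add_file("inner_link/planted.txt")             # but writing through it is not
        add_link("hard_ok", "good/readme.txt", tarfile.LNKTYPE)
        add_link("hard_bad", "/etc/shadow", tarfile.LNKTYPE)
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = vet_archive(build_sample_archive())
    print("accepted:", ok)
    for name, reason in bad.items():
        print(f"rejected {name!r}: {reason}")
```

On Python 3.12 and later the standard library's `extractall(filter="data")` applies an equivalent policy; the point of spelling the rules out is that they must run over the archive's declared names and link targets before the first write, because an existing-file or realpath check made at write time already sees the symlink the archive planted.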

  • CVE-2025-62611 · High · Oct 22, 2025
    risk 0.46 · cvss n/a · epss 0.00

    aiomysql is a library for accessing a MySQL database from asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to the MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to…

  • CVE-2025-10058 · High · Sep 17, 2025
    risk 0.46 · cvss 8.1 · epss 0.01

    The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the upload_function() function in all versions up to, and including, 7.27. This makes it possible for authenticated…

  • CVE-2025-27147 · High · Mar 25, 2025
    risk 0.46 · cvss 8.2 · epss 0.00

    The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access…

  • CVE-2026-54134 · High · Jun 23, 2026
    risk 0.45 · cvss n/a · epss n/a

    Impact: OctoPrint versions up until and including 1.11.7 as well as 2.0.0rc1 and 2.0.0rc2 contain a vulnerability that allows an attacker with the `FILE_UPLOAD` permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload…

  • CVE-2026-34030 · Medium · Jun 15, 2026
    risk 0.45 · cvss n/a · epss 0.00

    The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile…

  • CVE-2022-4983 · Medium · Nov 12, 2025
    risk 0.45 · cvss n/a · epss 0.00

    TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling (INI-file based) that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and which filenames are…

  • CVE-2025-0109 · Medium · Feb 12, 2025
    risk 0.45 · cvss n/a · epss 0.01

    An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and…

  • CVE-2024-29800 · High · May 14, 2024
    risk 0.45 · cvss 8.0 · epss 0.00

    Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber. This issue affects Timber: from n/a through 1.23.0.

  • CVE-2026-42845 · High · May 11, 2026
    risk 0.43 · cvss n/a · epss 0.01

    The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, there is an unauthenticated page-content overwrite via file upload (GHSA-w4rc-p66m-x6qq). Public form uploads now strip path components from the POST-supplied filename and hard-block page-content…

  • CVE-2025-54780 · High · Aug 5, 2025
    risk 0.43 · cvss 7.7 · epss 0.00

    The glpi-screenshot-plugin allows users to take screenshots or screen recordings directly from GLPI. In versions below 2.0.2, an authenticated user can use the /ajax/screenshot.php endpoint to leak files from the system or use PHP wrappers. This is fixed in version 2.0.2.

  • CVE-2026-45088 · High · May 27, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated…

  • CVE-2025-0898 · Medium · May 27, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of…