Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46441 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
| Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal.This issue affects Section Widget: from n/a through 3.3.1. | |||||
| CVE-2025-27010 | 2025-05-21 | N/A | 8.1 HIGH | ||
| Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a before 2.5.2. | |||||
| CVE-2025-39491 | 2025-05-19 | N/A | 8.1 HIGH | ||
| Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision. | |||||
| CVE-2025-39492 | 2025-05-19 | N/A | 7.5 HIGH | ||
| Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision. | |||||
| CVE-2025-47649 | 2025-05-08 | N/A | 8.8 HIGH | ||
| Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through 4.9.5. | |||||
| CVE-2025-47636 | 2025-05-08 | N/A | 7.5 HIGH | ||
| Path Traversal vulnerability in Fernando Briano List category posts allows PHP Local File Inclusion. This issue affects List category posts: from n/a through 0.90.3. | |||||
| CVE-2025-39470 | 2025-04-21 | N/A | 8.1 HIGH | ||
| Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through 1.6.0. | |||||
| CVE-2025-24908 | 2025-04-17 | N/A | 6.8 MEDIUM | ||
| Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35) Description Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the UploadFile service. Impact This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. | |||||
| CVE-2025-24907 | 2025-04-17 | N/A | 6.8 MEDIUM | ||
| Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35) Description Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the CGG Draw API. Impact This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. | |||||
| CVE-2025-39598 | 2025-04-16 | N/A | 4.9 MEDIUM | ||
| Path Traversal vulnerability in Quý Lê 91 Administrator Z allows Path Traversal. This issue affects Administrator Z: from n/a through 2025.03.28. | |||||
| CVE-2025-30966 | 2025-04-16 | N/A | 5.4 MEDIUM | ||
| Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a. | |||||
| CVE-2025-32585 | 2025-04-11 | N/A | 7.5 HIGH | ||
| Path Traversal vulnerability in Trusty Plugins Shop Products Filter allows PHP Local File Inclusion. This issue affects Shop Products Filter: from n/a through 1.2. | |||||
| CVE-2025-30014 | 2025-04-08 | N/A | 7.7 HIGH | ||
| SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don�t have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected. | |||||
| CVE-2024-2863 | 1 Lg | 1 Lg Led Assistant | 2025-04-04 | N/A | 5.3 MEDIUM |
| This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. | |||||
| CVE-2025-30834 | 2025-04-01 | N/A | 7.5 HIGH | ||
| Path Traversal vulnerability in Bit Apps Bit Assist allows Path Traversal. This issue affects Bit Assist: from n/a through 1.5.4. | |||||
| CVE-2024-54362 | 2025-03-28 | N/A | 8.1 HIGH | ||
| Path Traversal vulnerability in NotFound GetShop ecommerce allows Path Traversal. This issue affects GetShop ecommerce: from n/a through 1.3. | |||||
| CVE-2025-0858 | 2025-03-27 | N/A | N/A | ||
| A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. | |||||
| CVE-2025-26935 | 1 Wpjobportal | 1 Wp Job Portal | 2025-03-25 | N/A | 7.5 HIGH |
| Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.2.8. | |||||
| CVE-2024-2654 | 1 Filemanagerpro | 1 File Manager | 2025-03-24 | N/A | 6.8 MEDIUM |
| The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information. | |||||
| CVE-2025-26940 | 2025-03-15 | N/A | 6.3 MEDIUM | ||
| Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | |||||