Total
7576 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27299 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Asia MyTicket Events allows Path Traversal. This issue affects MyTicket Events: from n/a through 1.2.4. | ||||
| CVE-2024-10933 | 1 Openbsd | 1 Openbsd | 2025-07-12 | 5 Medium |
| In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems. | ||||
| CVE-2024-52056 | 1 Wowza | 1 Streaming Engine | 2025-07-12 | N/A |
| Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file. | ||||
| CVE-2024-52054 | 1 Wowza | 1 Streaming Engine | 2025-07-12 | N/A |
| Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system. | ||||
| CVE-2025-3317 | 1 Fumiao | 1 Opencms | 2025-07-12 | 4.3 Medium |
| A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. Affected is an unknown function of the file opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The manipulation of the argument path leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2025-23562 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound XLSXviewer allows Path Traversal. This issue affects XLSXviewer: from n/a through 2.1.1. | ||||
| CVE-2024-13897 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and including, 1.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2025-3065 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.1 Critical |
| The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2025-31800 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in publitio Publitio allows Path Traversal. This issue affects Publitio: from n/a through 2.1.8. | ||||
| CVE-2024-6085 | 1 Parisneo | 1 Lollms | 2025-07-12 | N/A |
| A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to '/'. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system. | ||||
| CVE-2024-30270 | 1 Mailcow | 1 Mailcow Dockerized | 2025-07-12 | 6.2 Medium |
| mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the `rspamd_maps()` function. It allows authenticated admin users to overwrite any file writable by the www-data user by exploiting improper path validation. The exploit chain can lead to the execution of arbitrary commands on the server. Version 2024-04 contains a patch for the issue. | ||||
| CVE-2024-56248 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.9 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Webdeclic WPMasterToolKit allows Path Traversal.This issue affects WPMasterToolKit: from n/a through 1.13.1. | ||||
| CVE-2025-30594 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound Include URL allows Path Traversal. This issue affects Include URL: from n/a through 0.3.5. | ||||
| CVE-2024-47266 | 1 Synology | 1 Active Backup For Business | 2025-07-12 | 2.7 Low |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors. | ||||
| CVE-2024-2227 | 1 Sailpoint | 1 Identityiq | 2025-07-12 | 10 Critical |
| This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the remediation announced in May 2021 tracked by ETN IIQSAW-3585 and January 2024 tracked by IIQFW-336. This vulnerability in IdentityIQ is assigned CVE-2024-2227. | ||||
| CVE-2024-34060 | 1 Dfir-iris | 1 Iris | 2025-07-12 | 8.8 High |
| IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The `iris-evtx-module` is a pipeline plugin of `iris-web` that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely handled and may cause an Arbitrary File Write. This can lead to a remote code execution (RCE) when combined with a Server Side Template Injection (SSTI). This vulnerability has been patched in version 1.0.0. | ||||
| CVE-2024-56509 | 1 Dgtlmoon | 1 Changedetection.io | 2025-07-12 | 8.6 High |
| changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd or file: ///etc/passwd can bypass weak validations and allow unauthorized access to sensitive files. Even though this has been addressed in previous patch, it is still insufficient. This vulnerability is fixed in 0.48.05. | ||||
| CVE-2024-38715 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.This issue affects ExS Widgets: from n/a through 0.3.1. | ||||
| CVE-2024-9146 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.9 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Low CSS JS Files allows Path Traversal.This issue affects CSS JS Files: from n/a through 1.5.0. | ||||
| CVE-2025-30841 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.9 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a through 2.8.8. | ||||