Total: 8119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10804 | | | 2025-03-07 | N/A | 7.5 HIGH |
| The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2025-22786 | 1 Elementinvader | 1 Elementinvader Addons For Elementor | 2025-03-06 | N/A | 7.5 HIGH |
| Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion. This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6. | |||||
| CVE-2024-36117 | 1 Reposilite | 1 Reposilite | 2025-03-06 | N/A | 8.6 HIGH |
| Reposilite is an open source, lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security Lab and is also tracked as GHSL-2024-074. | |||||
| CVE-2024-36116 | 1 Reposilite | 1 Reposilite | 2025-03-06 | N/A | 7.5 HIGH |
| Reposilite is an open source, lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, the JavadocEndpoints.kt controller allows expanding the javadoc archive into the server's file system and returning its content. The problem is in the way the archives are expanded, specifically how the new filename is created. The `file.name` taken from the archive can contain path traversal characters, such as '/../../../anything.txt', so the resulting extraction path can be outside the target directory. If the archive is taken from an untrusted source, such as Maven Central or JitPack for example, an attacker can craft a special archive to overwrite any local file on the Reposilite instance. This could lead to remote code execution, for example by placing a new plugin into the '$workspace$/plugins' directory. Alternatively, an attacker can overwrite the content of any other package. Note that the attacker can use their own malicious package from Maven Central to overwrite any other package on Reposilite. Reposilite has addressed this issue in version 3.5.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security Lab and is also tracked as GHSL-2024-073. | |||||
| CVE-2024-33541 | 1 Kitforest | 1 Better Elementor Addons | 2025-03-06 | N/A | 6.5 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion. This issue affects Better Elementor Addons: from n/a through 1.4.1. | |||||
| CVE-2024-13894 | | | 2025-03-06 | N/A | N/A |
| Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal. When an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at specific moments by providing paths to the files. However, the directories to which a user has access are not limited, allowing for path traversal attacks and downloading sensitive information. The vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well. | |||||
| CVE-2024-13897 | | | 2025-03-06 | N/A | 6.5 MEDIUM |
| The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and including, 1.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | |||||
| CVE-2023-26111 | 2 @nubosoftware/node-static Project, Node-static Project | 2 @nubosoftware/node-static, Node-static | 2025-03-05 | N/A | 7.5 HIGH |
| All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function. | |||||
| CVE-2022-45374 | 1 Yarpp | 1 Yet Another Related Posts Plugin | 2025-03-05 | N/A | 7.7 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion. This issue affects YARPP: from n/a through 5.30.4. | |||||
| CVE-2025-24494 | | | 2025-03-05 | N/A | 7.2 HIGH |
| Path traversal may allow remote code execution using privileged account (requires device admin account, cannot be performed by a regular user). In combination with the 'Upload' functionality this could be used to execute an arbitrary script or possibly an uploaded binary. Remediation in Version 6.7.0, release date: 20-Oct-24. | |||||
| CVE-2025-23416 | | | 2025-03-05 | N/A | 4.9 MEDIUM |
| Path traversal may lead to arbitrary file deletion. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25. | |||||
| CVE-2025-21095 | | | 2025-03-05 | N/A | 4.9 MEDIUM |
| Path traversal may lead to arbitrary file download. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25. | |||||
| CVE-2024-53676 | 1 Hpe | 1 Insight Remote Support | 2025-03-05 | N/A | 9.8 CRITICAL |
| A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. | |||||
| CVE-2024-13471 | | | 2025-03-05 | N/A | 7.5 HIGH |
| The DesignThemes Core Features plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dt_process_imported_file function in all versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to read arbitrary files on the underlying operating system. | |||||
| CVE-2021-33353 | 1 Wyomind | 1 Help Desk | 2025-03-04 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting. | |||||
| CVE-2025-1106 | 1 Cmseasy | 1 Cmseasy | 2025-03-04 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-52054 | 3 Linux, Microsoft, Wowza | 3 Linux Kernel, Windows, Streaming Engine | 2025-03-03 | N/A | 2.7 LOW |
| Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system. | |||||
| CVE-2024-52055 | 3 Linux, Microsoft, Wowza | 3 Linux Kernel, Windows, Streaming Engine | 2025-03-03 | N/A | 4.9 MEDIUM |
| Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file. | |||||
| CVE-2024-52056 | 3 Linux, Microsoft, Wowza | 3 Linux Kernel, Windows, Streaming Engine | 2025-03-03 | N/A | 6.5 MEDIUM |
| Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file. | |||||
| CVE-2024-1886 | 1 Lg | 1 Webos Signage | 2025-03-03 | N/A | 3.0 LOW |
| This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage. | |||||
