Total: 139 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10857 | 1 Tychesoftwares | 1 Product Input Fields For Woocommerce | 2025-07-09 | N/A | 6.5 MEDIUM |
| The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2025-52805 | | | 2025-07-08 | N/A | 7.5 HIGH |
| Path Traversal vulnerability in VaultDweller Leyka allows PHP Local File Inclusion. This issue affects Leyka: from n/a through 3.31.9. | |||||
| CVE-2025-40573 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-07-08 | N/A | 4.4 MEDIUM |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder. | |||||
| CVE-2025-52811 | | | 2025-06-30 | N/A | 8.1 HIGH |
| Path Traversal vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme allows PHP Local File Inclusion. This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through 1.3. | |||||
| CVE-2025-52810 | | | 2025-06-30 | N/A | 8.1 HIGH |
| Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1. | |||||
| CVE-2025-49451 | | | 2025-06-17 | N/A | 7.5 HIGH |
| Path Traversal vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery allows Path Traversal. This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through 1.0.12. | |||||
| CVE-2025-27445 | | | 2025-06-17 | N/A | 5.4 MEDIUM |
| A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files. | |||||
| CVE-2025-39475 | | | 2025-06-12 | N/A | 8.1 HIGH |
| Path Traversal vulnerability in Frenify Arlo allows PHP Local File Inclusion. This issue affects Arlo: from n/a through 6.0.3. | |||||
| CVE-2025-22205 | 1 Admiror-design-studio | 1 Admiror Gallery | 2025-06-04 | N/A | 7.5 HIGH |
| Improper handling of input variables leads to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x. | |||||
| CVE-2025-5598 | | | 2025-06-04 | N/A | N/A |
| Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data. This issue affects airleader MASTER: 3.0046. | |||||
| CVE-2024-40505 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2025-05-29 | N/A | 9.3 CRITICAL |
| Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. | |||||
| CVE-2025-46441 | | | 2025-05-21 | N/A | 5.3 MEDIUM |
| Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal. This issue affects Section Widget: from n/a through 3.3.1. | |||||
| CVE-2025-27010 | | | 2025-05-21 | N/A | 8.1 HIGH |
| Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows PHP Local File Inclusion. This issue affects Tastyc: from n/a before 2.5.2. | |||||
| CVE-2025-39492 | | | 2025-05-19 | N/A | 7.5 HIGH |
| Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision. | |||||
| CVE-2025-39491 | | | 2025-05-19 | N/A | 8.1 HIGH |
| Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision. | |||||
| CVE-2025-47649 | | | 2025-05-08 | N/A | 8.8 HIGH |
| Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through 4.9.5. | |||||
| CVE-2025-39470 | | | 2025-04-21 | N/A | 8.1 HIGH |
| Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion. This issue affects Ivy School: from n/a through 1.6.0. | |||||
| CVE-2025-24908 | | | 2025-04-17 | N/A | 6.8 MEDIUM |
| Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35) Description: Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the UploadFile service. Impact: This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. | |||||
| CVE-2025-24907 | | | 2025-04-17 | N/A | 6.8 MEDIUM |
| Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35) Description: Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the CGG Draw API. Impact: This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. | |||||
| CVE-2025-30966 | | | 2025-04-16 | N/A | 5.4 MEDIUM |
| Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a. | |||||
