Total
319 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55746 | 1 Monospace | 1 Directus | 2026-01-13 | N/A | 9.3 CRITICAL |
| Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents (without changes being applied to the files' database-resident metadata) and / or upload new files, with arbitrary content and extensions, which won't show up in the Directus UI. This vulnerability is fixed in 11.9.3. | |||||
| CVE-2025-14059 | 2026-01-08 | N/A | 6.5 MEDIUM | ||
| The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the create_template REST API endpoint where user-controlled input from the emailkit-editor-template parameter is passed directly to file_get_contents() without sanitization. This makes it possible for authenticated attackers with Author-level permissions or higher to read arbitrary files on the server, including sensitive configuration files like /etc/passwd and wp-config.php, via the REST API. The file contents are stored in post meta and can be exfiltrated through MetForm's email confirmation feature. | |||||
| CVE-2025-66003 | 2026-01-08 | N/A | N/A | ||
| An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5. | |||||
| CVE-2025-66449 | 1 C4illin | 1 Convertx | 2026-01-07 | N/A | 8.8 HIGH |
| ConvertXis a self-hosted online file converter. In versions prior to 0.16.0, the endpoint `/upload` allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes `file.name` directly from user supplied data without doing any sanitization on the name thus allowing for arbitrary file write. This can be used to overwrite system binaries with ones provided from an attacker allowing full code execution. Version 0.16.0 contains a patch for the issue. | |||||
| CVE-2025-62842 | 2026-01-02 | N/A | N/A | ||
| An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 26.2.0.938 and later | |||||
| CVE-2025-68478 | 1 Langflow | 1 Langflow | 2026-01-02 | N/A | 7.1 HIGH |
| Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. Version 1.7.0 fixes the issue. | |||||
| CVE-2025-67461 | 1 Zoom | 1 Rooms | 2025-12-30 | N/A | 5.0 MEDIUM |
| External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access. | |||||
| CVE-2025-12654 | 2025-12-23 | N/A | 2.7 LOW | ||
| The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the check_filesystem_permissions() function not properly restricting the directories that can be created, or in what location. This makes it possible for authenticated attackers, with Administrator-level access and above, to create arbitrary directories. | |||||
| CVE-2025-1686 | 1 Pebbletemplates | 1 Pebble | 2025-12-19 | N/A | 6.8 MEDIUM |
| All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or /proc/1/environ. Workaround This vulnerability can be mitigated by disabling the include macro in Pebble Templates: java new PebbleEngine.Builder() .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder() .disallowedTokenParserTags(List.of("include")) .build()) .build(); | |||||
| CVE-2025-68155 | 2025-12-18 | N/A | 7.5 HIGH | ||
| @vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Prior to version 0.5.8, the `/__vite_rsc_findSourceMapURL` endpoint in `@vitejs/plugin-rsc` allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sending a crafted HTTP request with a `file://` URL in the `filename` query parameter. Version 0.5.8 fixes the issue. | |||||
| CVE-2025-65473 | 1 Easyimages2.0 Project | 1 Easyimages2.0 | 2025-12-15 | N/A | 9.1 CRITICAL |
| An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name. | |||||
| CVE-2025-59516 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-12-12 | N/A | 7.8 HIGH |
| Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-13320 | 2025-12-12 | N/A | 6.8 MEDIUM | ||
| The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filter_input() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server via the 'current_user_avatar' parameter in a two-stage attack which can make remote code execution possible. This only affects sites with the custom avatar setting enabled. | |||||
| CVE-2025-65799 | 1 Usememos | 1 Memos | 2025-12-09 | N/A | 4.3 MEDIUM |
| A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal. | |||||
| CVE-2020-36878 | 2025-12-08 | N/A | N/A | ||
| ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources. | |||||
| CVE-2025-66257 | 1 Dbbroadcast | 44 Mozart Dds Next 100, Mozart Dds Next 1000, Mozart Dds Next 1000 Firmware and 41 more | 2025-12-03 | N/A | 9.1 CRITICAL |
| Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files. The `deletepatch` parameter in `patch_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/patch/` directory without sanitization or access control checks. | |||||
| CVE-2025-66254 | 1 Dbbroadcast | 44 Mozart Dds Next 100, Mozart Dds Next 1000, Mozart Dds Next 1000 Firmware and 41 more | 2025-12-03 | N/A | 9.1 CRITICAL |
| Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary files. The `deleteupgrade` parameter in `/var/www/upgrade_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/upload/` without any extension restriction or path sanitization, enabling attackers to remove critical system files. | |||||
| CVE-2025-12529 | 2025-12-02 | N/A | 8.8 HIGH | ||
| The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles() function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths into the orders that are removed, when an administrator deletes them. This can lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability requires the Cost Calculator Builder Pro version to be installed along with the free version in order to be exploitable. | |||||
| CVE-2025-30201 | 1 Wazuh | 1 Wazuh | 2025-12-02 | N/A | 7.7 HIGH |
| Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leading NTLM relay attacks that would result privilege escalation and remote code execution. This issue has been patched in version 4.13.0. | |||||
| CVE-2021-4472 | 2025-12-01 | N/A | 6.5 MEDIUM | ||
| The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content. | |||||