Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5882 | 1 Webcodingplace | 1 Ultimate Classified Listings | 2025-04-10 | N/A | N/A |
| The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the listings page | |||||
| CVE-2025-31411 | 2025-04-10 | N/A | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Aribhour Linet ERP-Woocommerce Integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.12. | |||||
| CVE-2025-30582 | 2025-04-10 | N/A | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aytechnet DyaPress ERP/CRM allows PHP Local File Inclusion. This issue affects DyaPress ERP/CRM: from n/a through 18.0.2.0. | |||||
| CVE-2025-32209 | 2025-04-10 | N/A | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Total processing card payments for WooCommerce allows Path Traversal. This issue affects Total processing card payments for WooCommerce: from n/a through 7.1.5. | |||||
| CVE-2025-32205 | 2025-04-10 | N/A | N/A | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.30. | |||||
| CVE-2025-2193 | 1 Mrcms | 1 Mrcms | 2025-04-09 | N/A | 8.1 HIGH |
| A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-4778 | 1 Elvexys | 1 Streamx | 2025-04-09 | N/A | 6.5 MEDIUM |
| StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated are affected. | |||||
| CVE-2022-3782 | 1 Redhat | 1 Keycloak | 2025-04-09 | N/A | 9.1 CRITICAL |
| keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field. | |||||
| CVE-2022-48253 | 1 Nazgul | 1 Nostromo | 2025-04-08 | N/A | 9.8 CRITICAL |
| nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used. | |||||
| CVE-2025-32018 | 2025-04-08 | N/A | N/A | ||
| Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the user or via maliciously crafted context, to automatically write to files outside of the opened workspace. This behavior required deliberate prompting, making successful exploitation highly impractical in real-world scenarios. Furthermore, the edited file was still displayed in the UI as usual for user review, making it unlikely for the edit to go unnoticed by the user. This vulnerability is fixed in 0.48.7. | |||||
| CVE-2024-3686 | 1 Dedecms | 1 Dedecms | 2025-04-08 | N/A | 7.5 HIGH |
| A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-41792 | 2025-04-08 | N/A | 8.6 HIGH | ||
| A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices contains a path traversal vulnerability. This could allow an unauthenticated attacker it to access arbitrary files on the device with root privileges. | |||||
| CVE-2025-2519 | 2025-04-08 | N/A | 6.5 MEDIUM | ||
| The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'st_send_download_file' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download arbitrary files. | |||||
| CVE-2022-45299 | 1 Webbrowser Project | 1 Webbrowser | 2025-04-07 | N/A | 9.8 CRITICAL |
| An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL. | |||||
| CVE-2022-42136 | 1 Mailenable | 1 Mailenable | 2025-04-07 | N/A | 8.8 HIGH |
| Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands. | |||||
| CVE-2023-22320 | 1 Openam | 1 Openam | 2025-04-07 | N/A | 7.5 HIGH |
| OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly. | |||||
| CVE-2022-43975 | 1 Ge | 2 Ms 3000, Ms 3000 Firmware | 2025-04-07 | N/A | 7.5 HIGH |
| An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888. | |||||
| CVE-2025-3317 | 2025-04-06 | N/A | 4.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. Affected is an unknown function of the file opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The manipulation of the argument path leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2025-2941 | 2025-04-05 | N/A | 9.8 CRITICAL | ||
| The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). | |||||
| CVE-2024-43328 | 1 Wpdeveloper | 1 Embedpress | 2025-04-05 | N/A | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.This issue affects EmbedPress: from n/a through 4.0.9. | |||||