Total
60 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47649 | 2025-05-07 | N/A | N/A | ||
| Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through 4.9.5. | |||||
| CVE-2025-39470 | 2025-04-21 | N/A | N/A | ||
| Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through 1.6.0. | |||||
| CVE-2025-39598 | 2025-04-16 | N/A | N/A | ||
| Path Traversal vulnerability in Quý Lê 91 Administrator Z allows Path Traversal. This issue affects Administrator Z: from n/a through 2025.03.28. | |||||
| CVE-2025-30966 | 2025-04-15 | N/A | N/A | ||
| Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a. | |||||
| CVE-2025-32585 | 2025-04-11 | N/A | N/A | ||
| Path Traversal vulnerability in Trusty Plugins Shop Products Filter allows PHP Local File Inclusion. This issue affects Shop Products Filter: from n/a through 1.2. | |||||
| CVE-2025-30014 | 2025-04-08 | N/A | 7.7 HIGH | ||
| SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don?t have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected. | |||||
| CVE-2025-30834 | 2025-04-01 | N/A | N/A | ||
| Path Traversal vulnerability in Bit Apps Bit Assist allows Path Traversal. This issue affects Bit Assist: from n/a through 1.5.4. | |||||
| CVE-2024-54362 | 2025-03-28 | N/A | N/A | ||
| Path Traversal vulnerability in NotFound GetShop ecommerce allows Path Traversal. This issue affects GetShop ecommerce: from n/a through 1.3. | |||||
| CVE-2025-26935 | 1 Wpjobportal | 1 Wp Job Portal | 2025-03-25 | N/A | 8.8 HIGH |
| Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.2.8. | |||||
| CVE-2025-26940 | 2025-03-15 | N/A | N/A | ||
| Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | |||||
| CVE-2025-27274 | 1 Axelkeller | 1 Gpx Viewer | 2025-03-07 | N/A | 4.9 MEDIUM |
| Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through 2.2.11. | |||||
| CVE-2025-22786 | 1 Elementinvader | 1 Elementinvader Addons For Elementor | 2025-03-06 | N/A | 8.8 HIGH |
| Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6. | |||||
| CVE-2025-25122 | 2025-03-03 | N/A | N/A | ||
| Path Traversal vulnerability in NotFound WizShop allows PHP Local File Inclusion. This issue affects WizShop: from n/a through 3.0.2. | |||||
| CVE-2025-26356 | 2025-02-12 | N/A | N/A | ||
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26351 | 2025-02-12 | N/A | N/A | ||
| A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26354 | 2025-02-12 | N/A | N/A | ||
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26357 | 2025-02-12 | N/A | N/A | ||
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26352 | 2025-02-12 | N/A | N/A | ||
| A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26355 | 2025-02-12 | N/A | N/A | ||
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26353 | 2025-02-12 | N/A | N/A | ||
| A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. | |||||