Total
7118 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-6070 | | | 2025-06-14 | N/A | 6.5 MEDIUM |
The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
CVE-2025-6065 | | | 2025-06-14 | N/A | 9.1 CRITICAL |
The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | |||||
CVE-2025-4187 | | | 2025-06-14 | N/A | 5.9 MEDIUM |
The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
CVE-2025-2817 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-06-13 | N/A | 8.8 HIGH |
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. | |||||
CVE-2024-46212 | 1 Redaxo | 1 Redaxo | 2025-06-13 | N/A | 4.9 MEDIUM |
An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal. | |||||
CVE-2025-28384 | | | 2025-06-13 | N/A | 9.1 CRITICAL |
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal. | |||||
CVE-2025-28382 | | | 2025-06-13 | N/A | 7.5 HIGH |
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal. | |||||
CVE-2025-46096 | | | 2025-06-13 | N/A | 6.1 MEDIUM |
Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component. | |||||
CVE-2025-28099 | 1 Fumiao | 1 Opencms | 2025-06-13 | N/A | 4.3 MEDIUM |
opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp. | |||||
CVE-2024-52771 | 1 Dedebiz | 1 Dedebiz | 2025-06-13 | N/A | 9.1 CRITICAL |
DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view. | |||||
CVE-2025-22240 | | | 2025-06-13 | N/A | 6.3 MEDIUM |
Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file that the Master's process has permissions to. | |||||
CVE-2025-22238 | | | 2025-06-13 | N/A | 4.2 MEDIUM |
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory. | |||||
CVE-2025-32103 | 1 Crushftp | 1 Crushftp | 2025-06-13 | N/A | 5.0 MEDIUM |
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions. | |||||
CVE-2025-46783 | | | 2025-06-13 | N/A | 9.8 CRITICAL |
Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is running by tampering with specific files used on the product. | |||||
CVE-2025-45238 | 1 Qianfox | 1 Foxcms | 2025-06-12 | N/A | 9.1 CRITICAL |
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method. | |||||
CVE-2025-45239 | 1 Qianfox | 1 Foxcms | 2025-06-12 | N/A | 5.3 MEDIUM |
An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal. | |||||
CVE-2025-4329 | 1 74cms | 1 74cms | 2025-06-12 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-2048 | 1 Lana | 1 Lana Downloads Manager | 2025-06-12 | N/A | 4.1 MEDIUM |
The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server. | |||||
CVE-2025-47273 | 2 Debian, Python | 2 Debian Linux, Setuptools | 2025-06-12 | N/A | 8.8 HIGH |
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue. | |||||
CVE-2025-39473 | | | 2025-06-12 | N/A | 8.1 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebGeniusLab Seofy Core allows PHP Local File Inclusion. This issue affects Seofy Core: from n/a through 1.4.5. |