Total
94 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32950 | 2025-05-27 | N/A | 6.5 MEDIUM | ||
| Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the FileRef directly in the database or by supplying a harmful value in the fileRef parameter of the `/files` endpoint of the generic REST API. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website. | |||||
| CVE-2025-46441 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
| Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal.This issue affects Section Widget: from n/a through 3.3.1. | |||||
| CVE-2025-27010 | 2025-05-21 | N/A | 8.1 HIGH | ||
| Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a before 2.5.2. | |||||
| CVE-2025-39492 | 2025-05-19 | N/A | 7.5 HIGH | ||
| Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision. | |||||
| CVE-2025-39491 | 2025-05-19 | N/A | 8.1 HIGH | ||
| Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision. | |||||
| CVE-2025-47636 | 2025-05-08 | N/A | 7.5 HIGH | ||
| Path Traversal vulnerability in Fernando Briano List category posts allows PHP Local File Inclusion. This issue affects List category posts: from n/a through 0.90.3. | |||||
| CVE-2025-47649 | 2025-05-08 | N/A | 8.8 HIGH | ||
| Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through 4.9.5. | |||||
| CVE-2025-39470 | 2025-04-21 | N/A | 8.1 HIGH | ||
| Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through 1.6.0. | |||||
| CVE-2025-24907 | 2025-04-17 | N/A | 6.8 MEDIUM | ||
| Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35) Description Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the CGG Draw API. Impact This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. | |||||
| CVE-2025-24908 | 2025-04-17 | N/A | 6.8 MEDIUM | ||
| Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. (CWE-35) Description Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.2, including 9.3.x and 8.3.x, do not sanitize a user input used as a file path through the UploadFile service. Impact This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. | |||||
| CVE-2025-30966 | 2025-04-16 | N/A | 5.4 MEDIUM | ||
| Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a. | |||||
| CVE-2025-39598 | 2025-04-16 | N/A | 4.9 MEDIUM | ||
| Path Traversal vulnerability in Quý Lê 91 Administrator Z allows Path Traversal. This issue affects Administrator Z: from n/a through 2025.03.28. | |||||
| CVE-2025-32585 | 2025-04-11 | N/A | 7.5 HIGH | ||
| Path Traversal vulnerability in Trusty Plugins Shop Products Filter allows PHP Local File Inclusion. This issue affects Shop Products Filter: from n/a through 1.2. | |||||
| CVE-2025-30014 | 2025-04-08 | N/A | 7.7 HIGH | ||
| SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don�t have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected. | |||||
| CVE-2024-2863 | 1 Lg | 1 Lg Led Assistant | 2025-04-04 | N/A | 5.3 MEDIUM |
| This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. | |||||
| CVE-2025-30834 | 2025-04-01 | N/A | 7.5 HIGH | ||
| Path Traversal vulnerability in Bit Apps Bit Assist allows Path Traversal. This issue affects Bit Assist: from n/a through 1.5.4. | |||||
| CVE-2024-54362 | 2025-03-28 | N/A | 8.1 HIGH | ||
| Path Traversal vulnerability in NotFound GetShop ecommerce allows Path Traversal. This issue affects GetShop ecommerce: from n/a through 1.3. | |||||
| CVE-2025-0858 | 2025-03-27 | N/A | N/A | ||
| A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. | |||||
| CVE-2025-26935 | 1 Wpjobportal | 1 Wp Job Portal | 2025-03-25 | N/A | 7.5 HIGH |
| Path Traversal vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.2.8. | |||||
| CVE-2024-2654 | 1 Filemanagerpro | 1 File Manager | 2025-03-24 | N/A | 6.8 MEDIUM |
| The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information. | |||||