Total
153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0858 | 2026-06-17 | N/A | N/A | ||
| A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. | |||||
| CVE-2024-7608 | 2026-06-17 | N/A | 5.9 MEDIUM | ||
| An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal. | |||||
| CVE-2024-5481 | 1 10web | 1 Photo Gallery | 2026-06-17 | N/A | 6.8 MEDIUM |
| The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors. | |||||
| CVE-2024-56214 | 2026-06-17 | N/A | 8.3 HIGH | ||
| Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro: from n/a through <= 5.1.9. | |||||
| CVE-2024-56213 | 1 Themewinter | 1 Eventin | 2026-06-17 | N/A | 6.5 MEDIUM |
| Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.7. | |||||
| CVE-2024-56055 | 1 Vibethemes | 1 Wordpress Learning Management System | 2026-06-17 | N/A | 8.5 HIGH |
| Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | |||||
| CVE-2024-56049 | 1 Vibethemes | 1 Wordpress Learning Management System | 2026-06-17 | N/A | 8.5 HIGH |
| Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | |||||
| CVE-2024-56045 | 1 Vibethemes | 1 Wordpress Learning Management System | 2026-06-17 | N/A | 9.3 CRITICAL |
| Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5. | |||||
| CVE-2024-54362 | 2026-06-17 | N/A | 8.1 HIGH | ||
| Path Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal.This issue affects GetShop ecommerce: from n/a through <= 1.3. | |||||
| CVE-2024-54313 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25. | |||||
| CVE-2024-54216 | 1 Reputeinfosystems | 1 Arforms | 2026-06-17 | N/A | 7.7 HIGH |
| Path Traversal: '.../...//' vulnerability in reputeinfosystems ARForms arforms allows Path Traversal.This issue affects ARForms: from n/a through <= 6.4.1. | |||||
| CVE-2024-52885 | 1 Checkpoint | 3 Gaia Os, Mobile Access, Remote Access Vpn | 2026-06-17 | N/A | 5.0 MEDIUM |
| The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway. | |||||
| CVE-2024-52498 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Path Traversal: '.../...//' vulnerability in softpulseinfotech SP Blog Designer sp-blog-designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through <= 1.0.0. | |||||
| CVE-2024-52447 | 2026-06-17 | N/A | 8.6 HIGH | ||
| Path Traversal: '.../...//' vulnerability in corporatezen222 Contact Page With Google Map contact-page-with-google-map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through <= 1.6.1. | |||||
| CVE-2024-52390 | 2026-06-17 | N/A | 4.9 MEDIUM | ||
| Path Traversal: '.../...//' vulnerability in Greg Ross CYAN Backup cyan-backup allows Path Traversal.This issue affects CYAN Backup: from n/a through <= 2.5.3. | |||||
| CVE-2024-51582 | 1 Thimpress | 1 Wp Hotel Booking | 2026-06-17 | N/A | 7.5 HIGH |
| Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through <= 2.2.9. | |||||
| CVE-2024-50054 | 2026-06-17 | N/A | 7.5 HIGH | ||
| The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system. | |||||
| CVE-2024-49770 | 2026-06-17 | N/A | N/A | ||
| `oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by encoding `/` as its URL encoded form `%2F`. For an attacker this has potential to read sensitive user data or to gain access to server secrets. Version 17.1.3 fixes the issue. | |||||
| CVE-2024-49258 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Path Traversal: '.../...//' vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through <= 1.5.7. | |||||
| CVE-2024-49249 | 2026-06-17 | N/A | 8.6 HIGH | ||
| Path Traversal: '.../...//' vulnerability in SMSA Express SMSA Shipping smsa-shipping-official allows Path Traversal.This issue affects SMSA Shipping: from n/a through <= 2.3. | |||||