Total: 373 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-3033 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-13 | N/A | 7.7 HIGH | After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability was fixed in Firefox 137 and Thunderbird 137. |
| CVE-2026-23898 | 1 Joomla | 1 Joomla! | 2026-04-09 | N/A | 7.2 HIGH | Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. |
| CVE-2024-6467 | 1 Reputeinfosystems | 1 Bookingpress | 2026-04-08 | N/A | 8.8 HIGH | The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files (either on the local server or from a remote location), allowing the execution of any PHP code in those files or the exposure of sensitive information. |
| CVE-2021-4332 | 1 Posimyth | 1 The Plus Addons For Elementor | 2026-04-08 | N/A | 6.5 MEDIUM | The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including, 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation. |
| CVE-2023-5816 | 1 Bowo | 1 Code Explorer | 2026-04-08 | N/A | 4.9 MEDIUM | The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance. |
| CVE-2025-4603 | 1 Emagicone | 1 Emagicone Store Manager For Woocommerce | 2026-04-08 | N/A | 9.1 CRITICAL | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This is only exploitable by unauthenticated attackers in default configurations where the default password is left as 1:1, or where the attacker gains access to the credentials. |
| CVE-2025-4602 | 1 Emagicone | 1 Emagicone Store Manager For Woocommerce | 2026-04-08 | N/A | 5.9 MEDIUM | The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. This is only exploitable by unauthenticated attackers in default configurations where the default password is left as 1:1, or where the attacker gains access to the credentials. |
| CVE-2025-3419 | 1 Themewinter | 1 Eventin | 2026-04-08 | N/A | 7.5 HIGH | The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-47445 is a duplicate of this vulnerability. |
| CVE-2023-4634 | 1 Davidlingren | 1 Media Library Assistant | 2026-04-08 | N/A | 9.8 CRITICAL | The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible. |
| CVE-2026-30282 | 1 Uxgroupllc | 1 Cast To Tv | 2026-04-07 | N/A | 9.0 CRITICAL | An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-33949 | 1 Ssw | 1 Tinacms/graphql | 2026-04-07 | N/A | 8.1 HIGH | Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server configuration files and potentially execute arbitrary commands by sabotaging the build script. This issue has been patched in version 2.2.2. |
| CVE-2026-30276 | 1 Deftpdf | 1 Document Translator | 2026-04-06 | N/A | 9.8 CRITICAL | An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-30281 | 1 Maru | 1 Neo.maru | 2026-04-06 | N/A | 9.8 CRITICAL | An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-30284 | 1 Uxgroupllc | 1 Voice Recorder | 2026-04-06 | N/A | 8.6 HIGH | An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-30289 | 1 Tinybeans | 1 Private Family Album | 2026-04-02 | N/A | 8.4 HIGH | An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-30287 | 1 Deepthought.industries | 1 Ace Scanner | 2026-04-02 | N/A | 8.4 HIGH | An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure. |
| CVE-2026-27825 | 1 Mcp-atlassian | 1 Mcp Atlassian | 2026-04-02 | N/A | 9.0 CRITICAL | MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, the `confluence_download_attachment` MCP tool accepts a `download_path` parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the server process has write access to. Because the attacker controls both the write destination and the written content (via an uploaded Confluence attachment), this constitutes arbitrary code execution (for example, writing a valid cron entry to `/etc/cron.d/` achieves code execution within one scheduler cycle with no server restart required). Version 0.17.0 fixes the issue. |
| CVE-2026-30940 | 1 Basercms | 1 Basercms | 2026-04-01 | N/A | 7.2 HIGH | baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary directory outside the theme directory, which may result in remote code execution (RCE). This issue has been patched in version 5.2.3. |
| CVE-2026-33027 | 1 Nginxui | 1 Nginx Ui | 2026-04-01 | N/A | 6.5 MEDIUM | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operation on the base directory (/etc/nginx). In particular, this allows an authenticated user to remove the entire /etc/nginx directory, resulting in a partial Denial of Service. This issue has been patched in version 2.3.4. |
| CVE-2026-33989 | 1 Mobilenexthq | 1 Mobile Mcp | 2026-03-31 | N/A | 8.1 HIGH | Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. Version 0.0.49 fixes the issue. |
