Total
126 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26876 | 1 Codemanas | 1 Search With Typesense | 2025-09-30 | 6.8 Medium |
| Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8. | ||||
| CVE-2023-41793 | 2 Artica, Pandora Fms | 2 Pandora Fms, Pandora Fms | 2025-09-16 | 6.7 Medium |
| : Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776. | ||||
| CVE-2025-47636 | 2025-09-15 | 7.5 High | ||
| Path Traversal vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through 0.91.0. | ||||
| CVE-2025-48317 | 2025-09-09 | 7.5 High | ||
| Path Traversal vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay allows Path Traversal. This issue affects WooCommerce Payment Gateway for Saferpay: from n/a through 0.4.9. | ||||
| CVE-2025-4956 | 2 Aa-team, Wordpress | 2 Pro Bulk Watermark Plugin, Wordpress | 2025-09-02 | 4.3 Medium |
| Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0. | ||||
| CVE-2025-48081 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.3 Medium |
| Path Traversal: '.../...//' vulnerability in Printeers Printeers Print & Ship allows Path Traversal.This issue affects Printeers Print & Ship: from n/a through 1.17.0. | ||||
| CVE-2024-41973 | 2025-08-27 | 8.1 High | ||
| A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges. | ||||
| CVE-2024-41972 | 2025-08-27 | 6.5 Medium | ||
| A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges. | ||||
| CVE-2024-52885 | 1 Checkpoint | 5 Check Point, Gaia Os, Mobile Access and 2 more | 2025-08-27 | 5 Medium |
| The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway. | ||||
| CVE-2025-53561 | 2 Miniorange, Wordpress | 2 Prevent Files \/ Folders Access, Wordpress | 2025-08-21 | 6.5 Medium |
| Path Traversal vulnerability in miniOrange Prevent files / folders access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through 2.6.0. | ||||
| CVE-2024-34191 | 1 Htmly | 1 Htmly | 2025-08-20 | 6.5 Medium |
| htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request. | ||||
| CVE-2025-52712 | 2 Boldgrid, Wordpress | 2 Post And Page Builder By Boldgrid - Visual Drag And Drop Editor, Wordpress | 2025-08-14 | 4.2 Medium |
| Path Traversal vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Path Traversal. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8. | ||||
| CVE-2025-30515 | 1 Cyberdata | 2 011209 Sip Emergency Intercom, 011209 Sip Emergency Intercom Firmware | 2025-08-12 | 9.8 Critical |
| CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system. | ||||
| CVE-2024-56213 | 2 Themewinter, Wordpress | 2 Eventin, Wordpress | 2025-08-11 | 6.5 Medium |
| Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7. | ||||
| CVE-2025-53417 | 1 Delta Electronics | 1 Diaview | 2025-08-05 | N/A |
| DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability | ||||
| CVE-2021-1132 | 1 Cisco | 1 Network Services Orchestrator | 2025-08-05 | 5.3 Medium |
| A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2020-26073 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2025-08-04 | 7.5 High |
| A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2025-20320 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-07-21 | 6.3 Medium |
| In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will. | ||||
| CVE-2025-52810 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.1 High |
| Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1. | ||||
| CVE-2025-52811 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.1 High |
| Path Traversal vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme allows PHP Local File Inclusion. This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through 1.3. | ||||