Total
91 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-49296 | 2025-06-12 | N/A | 8.1 HIGH | ||
Path Traversal vulnerability in Mikado-Themes GrandPrix allows PHP Local File Inclusion. This issue affects GrandPrix: from n/a through 1.6. | |||||
CVE-2025-39475 | 2025-06-12 | N/A | 8.1 HIGH | ||
Path Traversal vulnerability in Frenify Arlo allows PHP Local File Inclusion. This issue affects Arlo: from n/a through 6.0.3. | |||||
CVE-2025-49297 | 2025-06-12 | N/A | 8.1 HIGH | ||
Path Traversal vulnerability in Mikado-Themes Grill and Chow allows PHP Local File Inclusion. This issue affects Grill and Chow: from n/a through 1.6. | |||||
CVE-2025-49295 | 2025-06-12 | N/A | 8.1 HIGH | ||
Path Traversal vulnerability in Mikado-Themes MediClinic allows PHP Local File Inclusion. This issue affects MediClinic: from n/a through 2.1. | |||||
CVE-2025-30515 | 2025-06-12 | N/A | 9.8 CRITICAL | ||
CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system. | |||||
CVE-2025-27445 | 2025-06-05 | N/A | N/A | ||
A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files | |||||
CVE-2025-22205 | 1 Admiror-design-studio | 1 Admiror Gallery | 2025-06-04 | N/A | 7.5 HIGH |
Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x. | |||||
CVE-2025-5598 | 2025-06-04 | N/A | N/A | ||
Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data.This issue affects airleader MASTER: 3.0046. | |||||
CVE-2024-12088 | 2025-06-02 | N/A | 6.5 MEDIUM | ||
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. | |||||
CVE-2024-12087 | 2025-06-02 | N/A | 6.5 MEDIUM | ||
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. | |||||
CVE-2025-40573 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-05-30 | N/A | 4.4 MEDIUM |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder. | |||||
CVE-2024-40505 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2025-05-29 | N/A | 9.3 CRITICAL |
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. | |||||
CVE-2025-32950 | 2025-05-27 | N/A | 6.5 MEDIUM | ||
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the FileRef directly in the database or by supplying a harmful value in the fileRef parameter of the `/files` endpoint of the generic REST API. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website. | |||||
CVE-2025-46441 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal.This issue affects Section Widget: from n/a through 3.3.1. | |||||
CVE-2025-27010 | 2025-05-21 | N/A | 8.1 HIGH | ||
Path Traversal: '.../...//' vulnerability in bslthemes Tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a before 2.5.2. | |||||
CVE-2025-39491 | 2025-05-19 | N/A | 8.1 HIGH | ||
Path Traversal vulnerability in WHMPress WHMpress allows Path Traversal. This issue affects WHMpress: from 6.2 through revision. | |||||
CVE-2025-39492 | 2025-05-19 | N/A | 7.5 HIGH | ||
Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision. | |||||
CVE-2025-47636 | 2025-05-08 | N/A | 7.5 HIGH | ||
Path Traversal vulnerability in Fernando Briano List category posts allows PHP Local File Inclusion. This issue affects List category posts: from n/a through 0.90.3. | |||||
CVE-2025-47649 | 2025-05-08 | N/A | 8.8 HIGH | ||
Path Traversal vulnerability in ilmosys Open Close WooCommerce Store allows PHP Local File Inclusion. This issue affects Open Close WooCommerce Store: from n/a through 4.9.5. | |||||
CVE-2025-39470 | 2025-04-21 | N/A | 8.1 HIGH | ||
Path Traversal: '.../...//' vulnerability in ThimPress Ivy School allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through 1.6.0. |