Total
7621 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-45238 | 1 Qianfox | 1 Foxcms | 2025-06-12 | 9.1 Critical |
| foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method. | ||||
| CVE-2025-45239 | 1 Qianfox | 1 Foxcms | 2025-06-12 | 5.3 Medium |
| An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal. | ||||
| CVE-2025-4329 | 1 74cms | 1 74cms | 2025-06-12 | 4.3 Medium |
| A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2048 | 1 Lana | 1 Lana Downloads Manager | 2025-06-12 | 4.1 Medium |
| The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server | ||||
| CVE-2025-47273 | 3 Debian, Python, Redhat | 4 Debian Linux, Setuptools, Enterprise Linux and 1 more | 2025-06-12 | 8.8 High |
| setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue. | ||||
| CVE-2025-31635 | 2025-06-12 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER allows Path Traversal. This issue affects CLEVER: from n/a through 2.6. | ||||
| CVE-2025-39473 | 2025-06-12 | 8.1 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebGeniusLab Seofy Core allows PHP Local File Inclusion. This issue affects Seofy Core: from n/a through 1.4.5. | ||||
| CVE-2025-5880 | 2025-06-12 | 4.3 Medium | ||
| A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-48124 | 2025-06-12 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Path Traversal. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37. | ||||
| CVE-2025-48130 | 2025-06-12 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks allows Path Traversal. This issue affects Spice Blocks: from n/a through 2.0.7.2. | ||||
| CVE-2025-31050 | 2025-06-12 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through 2.5. | ||||
| CVE-2025-37100 | 2025-06-12 | 7.7 High | ||
| A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information. | ||||
| CVE-2025-5741 | 2025-06-12 | 4.9 Medium | ||
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server. | ||||
| CVE-2025-5740 | 2025-06-12 | 7.2 High | ||
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an unauthenticated user on the web server manipulates file path. | ||||
| CVE-2025-42977 | 2025-06-12 | 7.6 High | ||
| SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or modify arbitrary files, resulting in a high impact on confidentiality and a low impact on integrity. | ||||
| CVE-2023-41474 | 1 Ivanti | 1 Avalanche | 2025-06-12 | 6.5 Medium |
| Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component. | ||||
| CVE-2023-5241 | 1 Quantumcloud | 1 Wpbot | 2025-06-12 | 9.6 Critical |
| The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append "<?php" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php. | ||||
| CVE-2023-6623 | 1 Wpdeveloper | 1 Essential Blocks | 2025-06-11 | 9.8 Critical |
| The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks. | ||||
| CVE-2023-40439 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-11 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | ||||
| CVE-2021-24566 | 1 Pluginus | 1 Fox - Currency Switcher Professional For Woocommerce | 2025-06-11 | 8.8 High |
| The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode. | ||||