CVE-2025-55017

CVE-2025-55017 describes a path traversal vulnerability in Apache IoTDB. Affected versions are IoTDB 2.0.0 up to but not including 2.0.6, and IoTDB 1.0.0 up to but not including 1.3.6. Upgrading to IoTDB 2.0.6 or 1.3.6 fixes the issue.

CVE-2026-57872

An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...

CVE-2026-53174

A flaw was found in the Linux kernel's overlay filesystem ovl component. Specifically, an issue in the ovliteratemerged function incorrectly stores an error pointer even after a successful cache operation. This can lead to the function returning a misleading non-zero error, potentially causing...

CVE-2026-57872 GV-LPC2011/LPC2211 - unauthorized directory traversal vulnerability (get_fcont.cgi)

An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...

CVE-2026-57872

CVE-2026-57872 affects GeoVision GV-LPC2011 and GV-LPC2211 (V1.12 and earlier) via an unauthenticated directory traversal in get_fcont.cgi. The root cause is insufficient validation of user-supplied file paths before file access by the CGI component, enabling an attacker to read arbitrary files a...

EUVD-2026-39628

An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...

CVE-2025-10268

The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...

CVE-2025-10268

The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...

CVE-2025-10268 Printcart Web to Print Product Designer for WooCommerce <= 2.4.8 - Unauthenticated Folder Content Disclosure via Path Traversal

The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...

CVE-2025-10268

The CVE-2025-10268 entry concerns the Printcart Web to Print Product Designer for WooCommerce WordPress plugin up to version 2.4.8. The vulnerability is a path traversal flaw that allows an attacker to retrieve directory listings for arbitrary server directories. Affected component: the plugin’s ...

EUVD-2025-210347

The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...

WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

WordPress File Manager <= 7.2.1 - Directory Traversal

File Manager and File Manager Pro plugins for WordPress versions up to 7.2.1 and 8.3.4 contain a directory traversal caused by the 'target' parameter in mkfilefoldermanageractioncallbackshortcode, letting attackers read arbitrary files and upload files outside designated directories, exploit...

Vtiger CRM v7.2.0 - Directory Listing

Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...

PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory

PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file. id: CVE-2020-15081 info: name: PrestaShop 1.7.6.6 - Information Exposure via Upload Directory author: 0xAkoko severity: lo...

JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing

JetBackup WordPress plugin = 2.0.9.9 does not use index files to prevent directory listing in certain configurations, letting malicious actors leak backup files, exploit requires access to the web server. id: CVE-2023-7165 info: name: JetBackup = 2.0.9.7 - Sensitive Information Exposure via...

WordPress FastDup <= 2.1.9 Sensitive Information Exposure - Directory Listing

FastDup WordPress plugin 2.2 contains a directory listing vulnerability caused by lack of access restrictions in sensitive directories, letting attackers view export files, exploit requires no authentication. id: CVE-2023-6592 info: name: WordPress FastDup = 2.1.9 Sensitive Information Exposure -...

Control Web Panel (CWP) - File Inclusion

In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...

Vite Dev Server - Path Traversal

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

FortiOS - Insecure LDAP Configuration Detection

The FortiGate LDAP configuration was detected to be insecure due to missing ca-cert, secure LDAPS, or server-identity-check, potentially exposing LDAP communications to credential interception or man-in-the-middle attacks under specific network conditions. id: CVE-2019-5591 info: name: FortiOS -...