PT-2025-17356 · WordPress · Clever - Html5 Radio Player With History - Shoutcast/Icecast - Elementor Widget Addon
Name of the Vulnerable Software and Affected Versions: CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress versions up to, and including, 2.4
Description: The issue is related to insufficient file path validation in the 'history.php' file...
CVE-2025-3294
The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...
CVE-2025-24907
CVE-2025-24907 concerns Hitachi Vantara Pentaho Data Integration & Analytics. Affected versions are before 10.2.0.2, including 9.3.x and 8.3.x. The issue arises because user input used as a file path through the CGG Draw API is not properly neutralized, allowing doubled triple-dot sequences ('......
CVE-2024-13177
CVE-2024-13177 affects Netskope Client on macOS where the postinstall script fails to validate the path of the nsinstallation file, allowing a local attacker to create a symlink to escalate privileges to a different file. Reported impact is privilege escalation with affected versions before 123.0...
CVE-2025-21197
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content...
CVE-2025-23010
SonicWall NetExtender Windows client (32/64-bit) is affected by CVE-2025-23010: an Improper Link Resolution Before File Access (Link Following) vulnerability that can allow an attacker to manipulate file paths. Concrete details in connected sources indicate affected versions include 10.3.1 and ea...
CVE-2025-23010
An Improper Link Resolution Before File Access 'Link Following' vulnerability in SonicWall NetExtender Windows 32 and 64 bit client which allows an attacker to manipulate file paths...
SonicWALL NetExtender Windows client Security Vulnerability
SonicWALL NetExtender Windows client is a Windows-based SSL VPN (virtual private network) client application from SonicWALL (USA). The SonicWALL NetExtender Windows client has an improper link resolution vulnerability, which can be exploited by an...
CVE-2025-21197
CVE-2025-21197 is an information disclosure in Windows NTFS due to improper access control, enabling an authorized user to disclose file path information in folders they cannot list. Connected sources corroborate NTFS as affected and classify the impact as data exposure. Mitigation involves apply...
Windows NTFS Information Disclosure Vulnerability
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content...
CVE-2025-3400
A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.20520250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. It is possible to initiate the attack remotely. The...
PT-2025-15333 · WordPress · Simple Wp Events
Name of the Vulnerable Software and Affected Versions: Simple WP Events plugin for WordPress versions up to and including 1.8.17
Description: The issue arises from insufficient file path validation in the wpe delete file AJAX action, allowing unauthenticated attackers to delete arbitrary files on...
PT-2025-15914 · Sonicwall · Sonicwall Netextender Windows
Name of the Vulnerable Software and Affected Versions: SonicWall NetExtender versions 10.3.1 and earlier
Description: An Improper Link Resolution Before File Access 'Link Following' vulnerability in SonicWall NetExtender Windows 32 and 64 bit client allows an attacker to manipulate file paths. Th...
Cursor Path Traversal Vulnerability
Cursor is an AI code editor open-sourced by Cursor. A path traversal vulnerability exists in Cursor versions 0.45.0 through 0.48.6. It stems from file path modification permissions not being properly restricted, which could allow a specially crafted context to trigger a write to a file outside...
CVE-2025-2941
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move...
CVE-2025-2941 Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move...
CVE-2025-3216
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been classified as critical. This affects an unknown part of the file /password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. T...
Hardlink-Based Path Traversal in ObsidianReader
Overview: A vulnerability has been identified in the ObsidianReader class from llamaindex.readers.obsidian. This vulnerability allows an attacker to bypass the path restriction mechanism using hardlinks, enabling unauthorized access to sensitive system files such as /etc/passwd. Affected Componen...