CVE-2023-43687
An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 and Nebula 2020-10-21 and later. There is a race condition that leads to code execution because of a lack of locks between file verification and execution...
Seagate Toolkit Security Vulnerability
Seagate Toolkit is a software for managing and backing up data from Seagate USA. A security vulnerability exists in Seagate Toolkit versions prior to 2.34.0.33, which originates from an un-referenced search path or element and could result in the execution of a malicious file...
The vulnerability of the cloud integrated development environment (IDE) Atheos relates to an incorrect restriction on the path to the restricted access directory. This allows a perpetrator to execute arbitrary files on the server.
The vulnerability of the cloud integrated development environment (IDE) Atheos is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary files on the server remotely...
CVE-2015-10133
The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the...
PT-2025-28338 · WordPress · Woodmart
Name of the Vulnerable Software and Affected Versions: WoodMart plugin for WordPress versions up to, and including, 8.2.3 Description: The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary .php files on the server via the layout attribut...
PT-2025-27586 · WordPress · The Ads Pro Plugin
Name of the Vulnerable Software and Affected Versions: The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager versions up to, and including, 4.89 Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the bsa template parameter o...
CVE-2025-52562 Convoy Panel Directory Traversal in LocaleController leading to Remote Code Execution
Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this vulnerability by sending a specially...
PT-2025-26645 · Convoy · Convoy
Name of the Vulnerable Software and Affected Versions: Convoy versions 3.9.0-rc3 through 4.4.0 Description: Convoy is a KVM server management panel for hosting businesses. A directory traversal vulnerability exists in the LocaleController component, allowing an unauthenticated remote attacker to...
Path Traversal
Liferay is vulnerable to path traversal. The vulnerability is due to improper validation of the _com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName parameter, which allows remote attackers to add or execute arbitrary files...
CVE-2025-3594
CVE-2025-3594 is a path traversal vulnerability in Liferay Portal 7.0.0–7.4.3.4 and Liferay DXP 7.4 GA, 7.3 GA through update 34, plus older unsupported versions. It allows remote attackers to add files to arbitrary server locations and to download/execute arbitrary files from the download server...
PT-2025-25557 · Liferay +1 · Liferay Portal +2
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.0.0 through 7.4.3.4 Liferay DXP versions 7.4 GA, 7.3 GA through update 34 Description: A path traversal vulnerability exists with the downloading and installation of Xuggler, allowing remote attackers to add files to...
CVE-2025-4200
The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1 via the loadview function that is called via at least three AJAX actions: 'loadmorepost', 'loadshop', and 'loadmoreproduct'. This...
CVE-2025-4200 Zagg - Electronics & Accessories WooCommerce WordPress Theme <= 1.4.1 - Unauthenticated Local File Inclusion
The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1 via the loadview function that is called via at least three AJAX actions: 'loadmorepost', 'loadshop', and 'loadmoreproduct'. This...
CVE-2025-4275
A vulnerability in the digital signature verification process does not properly validate variable attributes, which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may execute arbitrary signed UEFI code and bypass Secure Boot...
PT-2025-24464 · Unknown · Snstheme Nitan
Name of the Vulnerable Software and Affected Versions: snstheme Nitan versions n/a through 2.9 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This...
CVE-2025-48492
GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to ...
CVE-2025-22133
WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar,...
CVE-2024-29368
An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content...
CVE-2024-2203
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on t...
CVE-2024-22514
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file...