
3231 matches found

RedhatCVE
added 2025/04/25 6:34 p.m. · 17 views

CVE-2025-3103

The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for...

7.5 CVSS · 6.6 AI score · 0.00329 EPSS
Exploits 0 · References 1
CNVD
added 2025/04/25 12:00 a.m. · 4 views

SonicWall NetExtender Windows client Improper Link Resolution Vulnerability

SonicWALL NetExtender Windows client is a Windows-based SSL VPN (Virtual Private Network) client application from SonicWALL USA. The SonicWALL NetExtender Windows client suffers from an improper link resolution vulnerability, which can be exploited by an...

7.2 CVSS · 6.8 AI score · 0.00385 EPSS
Exploits 0 · References 1
NVD
added 2025/04/24 9:15 a.m. · 14 views

CVE-2025-3065

The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote co...

9.1 CVSS · 0.00892 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/04/24 12:00 a.m. · 4 views

PT-2025-17712 · Unknown · Database Toolset

Name of the Vulnerable Software and Affected Versions: Database Toolset plugin versions 1.8.4 and earlier
Description: The issue is related to insufficient file path validation in a function, allowing unauthenticated attackers to delete arbitrary files on the server. This can lead to remote code...

9.1 CVSS · 9.6 AI score · 0.00892 EPSS
Exploits 0 · References 13
Positive Technologies
added 2025/04/24 12:00 a.m. · 5 views

PT-2025-17874 · Allegra +1 · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra, affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this issue. The flaw exists within the implementatio...

8.8 CVSS · 7.3 AI score · 0.01781 EPSS
Exploits 0 · References 7
CNNVD
added 2025/04/24 12:00 a.m. · 4 views

Code-Projects Online Class and Exam Scheduling System Security Vulnerability

Code-Projects Online Class and Exam Scheduling System is an online class and exam scheduling system from Code-Projects open source. A security vulnerability exists in Code-Projects Online Class and Exam Scheduling System version 1.0, which stems from incorrect manipulation of the class parameter ...

4.8 CVSS · 6 AI score · 0.00203 EPSS
Exploits 1 · References 2
Vulnrichment
added 2025/04/22 5:45 p.m. · 5 views

CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

6.4 CVSS · 7.1 AI score · 0.00262 EPSS
Exploits 0 · References 5
Cvelist
added 2025/04/22 5:45 p.m. · 19 views

CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

6.4 CVSS · 0.00262 EPSS
Exploits 0 · References 5
Cvelist
added 2025/04/22 5:32 p.m. · 21 views

CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

6.4 CVSS · 0.00291 EPSS
Exploits 0 · References 9
Positive Technologies
added 2025/04/22 12:00 a.m. · 5 views

PT-2025-17577 · Cuba Jpa · Cuba Jpa

Name of the Vulnerable Software and Affected Versions: Cuba JPA versions prior to 1.1.1
Description: The Cuba JPA web API allows loading and saving entities defined in the application data model through simple HTTP requests. Prior to version 1.1.1, the input parameter, which includes a file path...

6.4 CVSS · 6.3 AI score · 0.00262 EPSS
Exploits 0 · References 12
CNNVD
added 2025/04/22 12:00 a.m. · 4 views

Jmix Cross-Site Scripting Vulnerability

Jmix is a set of libraries and tools from Jmix, Inc. for accelerating Spring Boot data-centric application development. A cross-site scripting vulnerability exists in Jmix versions 1.0.0 through 1.6.1 and 2.0.0 through 2.3.4, which stems from improperly manipulated file paths and could lead to...

6.4 CVSS · 6 AI score · 0.00291 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/04/19 12:00 a.m. · 4 views

PT-2025-17356 · WordPress · Clever - Html5 Radio Player With History - Shoutcast/Icecast - Elementor Widget Addon

Name of the Vulnerable Software and Affected Versions: CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress, versions up to, and including, 2.4
Description: The issue is related to insufficient file path validation in the 'history.php' file...

7.5 CVSS · 7.8 AI score · 0.00329 EPSS
Exploits 0 · References 9
NVD
added 2025/04/17 6:15 a.m. · 38 views

CVE-2025-3294

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...

7.2 CVSS · 0.00819 EPSS
Exploits 0 · References 2
CVE
added 2025/04/16 10:39 p.m. · 65 views

CVE-2025-24907

CVE-2025-24907 concerns Hitachi Vantara Pentaho Data Integration & Analytics. Affected versions are before 10.2.0.2, including 9.3.x and 8.3.x. The issue arises because user input used as a file path through the CGG Draw API is not properly neutralized, allowing doubled triple-dot sequences ('......

6.8 CVSS · 6.6 AI score · 0.0035 EPSS
Exploits 0 · References 1
CVE
added 2025/04/15 3:21 p.m. · 72 views

CVE-2024-13177

CVE-2024-13177 affects Netskope Client on macOS where the postinstall script fails to validate the path of the nsinstallation file, allowing a local attacker to create a symlink to escalate privileges to a different file. Reported impact is privilege escalation with affected versions before 123.0...

5.2 CVSS · 6.7 AI score · 0.00124 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/04/10 8:19 p.m. · 23 views

CVE-2025-21197

Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content...

6.5 CVSS · 6.3 AI score · 0.02631 EPSS
Exploits 0 · References 3
CVE
added 2025/04/10 6:57 p.m. · 54 views

CVE-2025-23010

SonicWall NetExtender Windows client (32/64-bit) is affected by CVE-2025-23010: an Improper Link Resolution Before File Access (Link Following) vulnerability that can allow an attacker to manipulate file paths. Concrete details in connected sources indicate affected versions include 10.3.1 and ea...

7.2 CVSS · 6.5 AI score · 0.00385 EPSS
Exploits 0 · References 1
Cvelist
added 2025/04/10 6:57 p.m. · 30 views

CVE-2025-23010

An Improper Link Resolution Before File Access 'Link Following' vulnerability in SonicWall NetExtender Windows 32 and 64 bit client which allows an attacker to manipulate file paths...

0.00385 EPSS
Exploits 0 · References 1
CNNVD
added 2025/04/10 12:00 a.m. · 1 view

SonicWALL NetExtender Windows client Security Vulnerability

SonicWALL NetExtender Windows client is a Windows-based SSL VPN (Virtual Private Network) client application from SonicWALL USA. The SonicWALL NetExtender Windows client suffers from an improper link resolution vulnerability, which can be exploited by an...

7.2 CVSS · 6.8 AI score · 0.00385 EPSS
Exploits 0 · References 1
OSV
added 2025/04/08 6:15 p.m. · 3 views

CVE-2025-21197

Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content...

6.5 CVSS · 7.3 AI score · 0.02631 EPSS
Exploits 0 · References 1