
2148 matches found

CNNVD
added 2025/07/26 12:0 a.m. · 7 views

DbGate Security Vulnerability

DbGate is a database manager from the DbGate open-source project. A security vulnerability exists in DbGate 6.6.0 and earlier versions, which stems from insufficient file path validation and could lead to unauthorized file access...

CVSS 8.3 · AI score 6.4 · EPSS 0.00407
Exploits: 0 · References: 3
CNNVD
added 2025/07/26 12:0 a.m. · 6 views

WordPress plugin Kallyas Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...

CVSS 8.1 · AI score 6.6 · EPSS 0.00428
Exploits: 0 · References: 3
Positive Technologies
added 2025/07/26 12:0 a.m. · 4 views

PT-2025-30968 · WordPress · Kallyas

Name of the Vulnerable Software and Affected Versions: Kallyas versions prior to 4.21.1
Description: The Kallyas theme for WordPress is susceptible to arbitrary folder deletion due to inadequate file path validation within the delete font function. Authenticated attackers possessing...

CVSS 8.1 · AI score 6.7 · EPSS 0.00428
Exploits: 0 · References: 5
Positive Technologies
added 2025/07/26 12:0 a.m. · 9 views

PT-2025-30949 · Dbgate · Dbgate +1

Name of the Vulnerable Software and Affected Versions: DbGate versions 6.6.0 and below
Description: DbGate, a cross-platform database manager, allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from...

CVSS 8.3 · AI score 6.1 · EPSS 0.00407
Exploits: 0 · References: 5
NVD
added 2025/07/22 9:15 p.m. · 5 views

CVE-2025-8038

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

CVSS 9.8 · EPSS 0.00225
Exploits: 0 · References: 5
CVE
added 2025/07/22 8:49 p.m. · 64 views

CVE-2025-8038

CVE-2025-8038 corresponds to a Mozilla framing/navigation vulnerability where Thunderbird ignored path checks when validating navigations in a frame. Affected products include Firefox before 141 and Firefox ESR before 140.1, and Thunderbird before 141 and before 140.1. Root cause per the sources ...

CVSS 9.8 · AI score 7.3 · EPSS 0.00225
Exploits: 0 · References: 5 · Affected Software: 2
ATTACKERKB
added 2025/07/22 8:49 p.m. · 3 views

CVE-2025-8038

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

CVSS 9.8 · AI score 5.8 · EPSS 0.00225
Exploits: 0 · References: 6
NVD
added 2025/07/22 8:15 p.m. · 5 views

CVE-2025-51475

Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...

CVSS 5 · EPSS 0.00782
Exploits: 1 · References: 3
OSV
added 2025/07/22 8:15 p.m. · 5 views

CVE-2025-51475

Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...

CVSS 5 · AI score 7.3 · EPSS 0.00782
Exploits: 1 · References: 3
Positive Technologies
added 2025/07/22 12:0 a.m. · 7 views

PT-2025-30487

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 141; Thunderbird versions prior to 140.1; Firefox versions prior to 141; Firefox ESR versions prior to 140.1
Description: Thunderbird and Firefox incorrectly handled path validation during frame navigations. This issu...

CVSS 10 · AI score 7.5 · EPSS 0.09348
Exploits: 2 · References: 187
Positive Technologies
added 2025/07/22 12:0 a.m. · 4 views

PT-2025-30455 · Unknown · Transformeroptimus/Superagi

Name of the Vulnerable Software and Affected Versions: TransformerOptimus SuperAGI version 0.0.14
Description: An arbitrary file overwrite issue exists in the superagi.controllers.resources.upload component. This allows remote attackers to overwrite arbitrary files by submitting unsanitized...

CVSS 5 · AI score 6.7 · EPSS 0.00782
Exploits: 1 · References: 5
CNVD
added 2025/07/21 12:0 a.m. · 4 views

Siemens SINEC NMS Path Traversal Vulnerability (CNVD-2025-16627)

Siemens SINEC NMS is a network management system (NMS) from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A path traversal vulnerability exists in Siemens SINEC NMS that stems...

CVSS 8.8 · AI score 7 · EPSS 0.07166
Exploits: 0 · References: 1
RedhatCVE
added 2025/07/18 7:3 a.m. · 12 views

CVE-2025-7359

The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitorgetblock function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 8.2 · AI score 6.7 · EPSS 0.0045
Exploits: 0 · References: 1
Veracode
added 2025/07/17 10:20 a.m. · 4 views

Path Traversal

github.com/google/osv-scalibr is vulnerable to path traversal. The vulnerability is due to path traversal caused by improper validation of file paths when using the unpack function with the --remote-image flag on untrusted container images, allowing arbitrary file writes on the host system as the...

CVSS 6.5 · AI score 6.4 · EPSS 0.00208
Exploits: 0 · References: 3 · Affected Software: 1
NVD
added 2025/07/17 3:15 a.m. · 8 views

CVE-2025-7712

The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpmangadeletezip function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, whic...

CVSS 9.1 · EPSS 0.00817
Exploits: 0 · References: 2
NVD
added 2025/07/15 5:15 a.m. · 6 views

CVE-2025-7341

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the tempfiledelete function in all versions up to, and including, 2.2.1. This makes it possible for...

CVSS 9.8 · EPSS 0.01094
Exploits: 0 · References: 3
CVE
added 2025/07/15 4:23 a.m. · 37 views

CVE-2025-7360

CVE-2025-7360 (HT Contact Form Widget for Elementor / Gutenberg Blocks / Form Builder) The WordPress plugin versions up to 2.2.1 are vulnerable to an arbitrary file move due to insufficient file path validation in handle_files_upload(), allowing unauthenticated attackers to relocate files on the ...

CVSS 9.8 · AI score 6.7 · EPSS 0.01343
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2025/07/15 12:0 a.m. · 4 views

WordPress plugin HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A path traversal vulnerability exists in...

CVSS 9.8 · AI score 6.6 · EPSS 0.01343
Exploits: 0 · References: 4
CNVD
added 2025/07/15 12:0 a.m. · 2 views

Siemens SINEC NMS Path Traversal Vulnerability (CNVD-2025-16629)

Siemens SINEC NMS is a network management system (NMS) from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A path traversal vulnerability exists in Siemens SINEC NMS that stems...

CVSS 8.8 · AI score 7 · EPSS 0.07166
Exploits: 0 · References: 1
CNNVD
added 2025/07/15 12:0 a.m. · 4 views

WordPress plugin Alone Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 9.1 · AI score 6.6 · EPSS 0.00533
Exploits: 0 · References: 3