
2133 matches found

OSV
added 2025/03/26 12:15 p.m. · 1 view

CVE-2025-1911

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.5.0. This makes it possible for authenticated...

CVSS 6.5 · AI score 7.4 · EPSS 0.00366
Exploits: 0 · References: 4

Veracode
added 2025/03/26 4:13 a.m. · 5 views

Path Traversal

agentscope is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the save-workflow and load-workflow functionality, allowing an attacker to read and write arbitrary JSON files on the filesystem...

CVSS 9.1 · AI score 7.1 · EPSS 0.0091
Exploits: 1 · References: 4 · Affected Software: 1

CNNVD
added 2025/03/26 12:0 a.m. · 4 views

WordPress plugin Product Import Export for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

CVSS 6.5 · AI score 8.4 · EPSS 0.00366
Exploits: 0 · References: 4

RedhatCVE
added 2025/03/22 2:2 p.m. · 20 views

CVE-2024-13922

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with...

CVSS 6.5 · AI score 7 · EPSS 0.00371
Exploits: 0 · References: 1

OSV
added 2025/03/22 12:15 p.m. · 4 views

CVE-2025-1972

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 6.5 · AI score 5.9 · EPSS 0.00371
Exploits: 0 · References: 4

NVD
added 2025/03/22 12:15 p.m. · 11 views

CVE-2025-1972

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 6.5 · EPSS 0.00371
Exploits: 0 · References: 4

RedhatCVE
added 2025/03/22 11:20 a.m. · 8 views

CVE-2024-8958

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution...

CVSS 9.8 · AI score 7.8 · EPSS 0.01292
Exploits: 1 · References: 1

CVE
added 2025/03/22 11:18 a.m. · 59 views

CVE-2025-1972

CVE-2025-1972 affects the WordPress plugin Export and Import Users and Customers (versions

CVSS 6.5 · AI score 6.8 · EPSS 0.00371
Exploits: 0 · References: 4 · Affected Software: 1

CNNVD
added 2025/03/22 12:0 a.m. · 4 views

WordPress plugin Export and Import Users and Customers security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.5 · AI score 8.5 · EPSS 0.00371
Exploits: 0 · References: 2

Positive Technologies
added 2025/03/22 12:0 a.m. · 8 views

PT-2025-12479 · WordPress · Export/Import Users/Customers

Name of the Vulnerable Software and Affected Versions: Export and Import Users and Customers plugin for WordPress versions prior to 2.6.3 Description: The issue is related to insufficient file path validation in the admin log page function, allowing authenticated attackers with Administrator-leve...

CVSS 6.5 · AI score 9.2 · EPSS 0.00371
Exploits: 0 · References: 13

RedhatCVE
added 2025/03/20 1:12 p.m. · 9 views

CVE-2025-0694

Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access...

CVSS 6.6 · AI score 7.1 · EPSS 0.00257
Exploits: 0 · References: 1

OSV
added 2025/03/20 12:32 p.m. · 2 views

GHSA-H254-G997-685C FastChat Server-Side Request Forgery vulnerability

A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

CVSS 7.5 · AI score 7.1 · EPSS 0.00646
Exploits: 1 · References: 3

OSV
added 2025/03/20 12:15 p.m. · 2 views

CVE-2024-13922

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with...

CVSS 6.5 · AI score 7.4 · EPSS 0.00371
Exploits: 0 · References: 4

OSV
added 2025/03/20 10:15 a.m. · 1 view

CVE-2024-11449

A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...

CVSS 7.5 · AI score 5.8 · EPSS 0.00646
Exploits: 1 · References: 1

NVD
added 2025/03/18 11:15 a.m. · 15 views

CVE-2025-0694

Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access...

CVSS 6.6 · EPSS 0.00257
Exploits: 0 · References: 1

Vulnrichment
added 2025/03/18 11:4 a.m. · 15 views

CVE-2025-0694 CODESYS Control V3 removable media path traversal

Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access...

CVSS 6.6 · AI score 6.4 · EPSS 0.00257
Exploits: 0 · References: 1

CVE
added 2025/03/18 11:4 a.m. · 55 views

CVE-2025-0694

CVE-2025-0694 affects CODESYS Control: insufficient path validation leads to a path traversal flaw that can grant a low-privileged attacker with physical access full filesystem access. The vulnerability is described across multiple feeds (NVD, Red Hat, CVE list) as a removable-media/path traversa...

CVSS 6.6 · AI score 6.4 · EPSS 0.00257
Exploits: 0 · References: 1

CNNVD
added 2025/03/18 12:0 a.m. · 3 views

CODESYS Control path traversal vulnerability

CODESYS Control is a suite of industrial control program programming software from CODESYS, Germany. CODESYS Control suffers from a path traversal vulnerability that stems from insufficient path validation, which could allow a low-privileged attacker to gain full file system access...

CVSS 6.6 · AI score 6.9 · EPSS 0.00257
Exploits: 0 · References: 2

Packet Storm
added 2025/03/17 12:0 a.m. · 229 views

Semantic Segmentation Editor 1.6.0 Directory Traversal

Semantic Segmentation Editor version 1.6.0 suffers from multiple directory traversal vulnerabilities. Exploit Title: Semantic Segmentation Editor 1.6.0 - Directory Traversal File Upload Date: 2025-03-14 Exploit Author: Fatih Türüt defendzero.com Vendor Homepage: Hitachi Automotive & Industry Lab...

AI score 7.5
Exploits: 0

Huntr
added 2025/03/12 11:27 p.m. · 5 views

Path Traversal via Symbolic Links in `ObsidianReader`

Description: The ObsidianReader class, designed to parse Obsidian vaults, contains a critical security flaw that allows arbitrary file read through symbolic links (symlinks). When processing a vault, the reader does not resolve or validate the absolute paths of files, enabling an attacker to place a...

CVSS 7.5 · AI score 6.9 · EPSS 0.00555
Exploits: 1