Sliver 路径遍历漏洞

Sliver is an open-source, cross-platform opponent simulation/red team framework developed by Bishop Fox. It can be used by organizations of various sizes for security testing. Versions of Sliver prior to 1.6.11 contained a path traversal vulnerability. This vulnerability stemmed from path travers...

CVE-2025-15487

The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which...

CVE-2023-7335

EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames parameter to read arbitrary files from the server filesystem,...

Path Traversal

mindsdb is vulnerable to a path traversal. The vulnerability is due to improper handling of user-controlled file paths in the file upload API when JSON requests are used, which allows an unauthenticated attacker to exploit directory traversal and read arbitrary files from the server filesystem an...

EUVD-2026-3153

The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side rendering of the thim-blocks/icon block. This make...

WordPress plugin Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor: Path traversal vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2025-66292

DPanel is an open source server management panel written in Go. Prior to 1.9.2, DPanel has an arbitrary file deletion vulnerability in the /api/common/attach/delete interface. Authenticated users can delete arbitrary files on the server via path traversal. When a user logs into the administrative...

CVE-2025-67083

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...

CVE-2025-67083

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...

CVE-2025-67083

InvoicePlane before 1.6.3 contains a directory traversal vulnerability that allows unauthenticated attackers to read files from the server. The exact files and types readable depend on server configuration. Affected software is InvoicePlane up to version 1.6.3; the root cause is a directory trave...

InvoicePlane security vulnerabilities

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. InvoicePlane versions 1.6.3 and earlier have security vulnerabilities, stemming from directory traversal vulnerabilities th...

EUVD-2026-2782

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...

PT-2026-3027

Name of the Vulnerable Software and Affected Versions InvoicePlane versions through 1.6.3 Description A directory traversal issue exists in InvoicePlane. This allows unauthenticated attackers to read files from the server. The types of files readable and the extent of access depend on the web...

CVE-2025-14301

The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the processtablebulkactions function processing user-supplied file paths without authentication checks, nonce verification, or path validation...

CVE-2022-50899

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

CVE-2026-22200

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

CVE-2022-50899 Geonetwork 4.2.0 - XML External Entity (XXE)

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

e107 代码问题漏洞

e107 is an open source, free and PHP and MySQL based Content Management System CMS from the E107 team. The system supports a variety of plug-ins and appearance of the theme , can be used as a personal blog , discussion community , archive repository and so on. A code issue vulnerability exists in...

CVE-2025-68472 MindsDB has improper sanitation of filepath that leads to information disclosure and DOS

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...

EUVD-2026-1922

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...