890 matches found
CVE-2025-9217
The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the 'usedsvg' and 'usedimages' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary fil...
CVE-2025-8562
The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the 'lens' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which can...
CVE-2024-13982
SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rjgettoken.php endpoint. The flaw arises from insufficient input validation on the jsondataurl parameter, which allows attackers to perfor...
CVE-2025-9217
CVE-2025-9217 affects the WordPress Slider Revolution plugin, with a path traversal vulnerability in versions up to 6.7.36 exploitable via the used_svg and used_images parameters. Authenticated attackers with Contributor-level access or higher can read arbitrary server files containing se...
PT-2025-35211
Name of the Vulnerable Software and Affected Versions: Slider Revolution versions prior to 6.7.37. Description: The Slider Revolution plugin for WordPress is susceptible to a path traversal issue in versions up to and including 6.7.36. This allows authenticated attackers with Contributor-level...
CVE-2025-8562 Custom Query Shortcode <= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens Parameter
The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the 'lens' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which can...
PT-2025-34602 · WordPress · Custom Query Shortcode
Name of the Vulnerable Software and Affected Versions: Custom Query Shortcode versions prior to 0.4.1. Description: The Custom Query Shortcode plugin for WordPress is vulnerable to a Path Traversal issue via the lens parameter. Authenticated attackers with Contributor-level access or higher can re...
WordPress plugin Custom Query Shortcode path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exis...
CVE-2025-36157
IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions...
CVE-2025-55295
qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbitmanage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restoreconfigfrombackup endpoint. The vulnerability...
CVE-2025-55295 qBit Manage Path Traversal Vulnerability
qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbitmanage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restoreconfigfrombackup endpoint. The vulnerability...
CVE-2025-8081
The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the ImportImages::import function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access an...
CVE-2025-8081 Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import
The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the ImportImages::import function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access an...
PT-2025-32629 · WordPress · Elementor
Name of the Vulnerable Software and Affected Versions: Elementor plugin for WordPress versions up to and including 3.30.2. Description: The Elementor plugin for WordPress is susceptible to arbitrary file reading due to insufficient filename controls within the ImportImages::import function...
CVE-2025-50233
A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outsi...
Linknat VOS Manager security vulnerability
Linknat VOS Manager is a VOS web operating platform for mobile use by China Kunshi Network Linknat. A security vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, which stems from a path traversal attack that could result in reading arbitrary files on the server...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the GetFile function in the filecontroller.go. An attacker can access arbitrary files on the server by manipulating the fileName argument. Details: A Directory Traversal attack, also known as path traversal, aims to...
CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
FileBrowser Command Injection Vulnerability
FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser has a command injection vulnerability that can be exploited by an attacker to gain read and write...