Lucene search
+L

1398 matches found

NVD
NVD
added 2025/12/04 3:15 p.m.8 views

CVE-2025-65346

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

9.1CVSS0.00894EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/12/04 3:17 a.m.18 views

CVE-2025-13645

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxunzipfile' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...

7.2CVSS7.5AI score0.0095EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.4 views

Laravel File Manager 安全漏洞

Laravel File Manager is a Laravel file manager by Aleksandr Manekin Personal Developer. A security vulnerability exists in Laravel File Manager 3.3.1 and earlier versions, which stems from the unzip function not adequately validating the extraction path, potentially leading to a directory travers...

9.1CVSS6.5AI score0.00894EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/04 12:0 a.m.3 views

CVE-2025-65346

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

6.6AI score0.00894EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/04 12:0 a.m.27 views

CVE-2025-65346

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

0.00894EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/04 12:0 a.m.5 views

EUVD-2025-201169

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

6.5AI score0.00894EPSS
Exploits1References3
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/04 12:0 a.m.8 views

alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

9.1CVSS7AI score0.00894EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/12/04 12:0 a.m.7 views

CVE-2025-65346

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

9.1CVSS6.9AI score0.00894EPSS
Exploits1References5
CVE
CVE
added 2025/12/04 12:0 a.m.16 views

CVE-2025-65346

The CVE affects alexusmai laravel-file-manager up to version 3.3.1, where the unzip/extraction feature lacks proper path validation, enabling directory traversal and potentially writing archive contents to arbitrary filesystem locations. No public fix version is indicated in the provided document...

9.1CVSS6.6AI score0.00894EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/12/03 3:16 a.m.12 views

CVE-2025-13646

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajaxunzipfile' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files...

7.5CVSS0.00695EPSS
Exploits0References5
NVD
NVD
added 2025/12/03 3:15 a.m.9 views

CVE-2025-13645

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxunzipfile' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...

7.2CVSS0.0095EPSS
Exploits0References6
EUVD
EUVD
added 2025/12/03 2:25 a.m.8 views

EUVD-2025-200725

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxunzipfile' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...

7.2CVSS7.1AI score0.0095EPSS
Exploits0References7
CVE
CVE
added 2025/12/03 2:25 a.m.21 views

CVE-2025-13645

The CVE-2025-13645 entry concerns the Modula Image Gallery WordPress plugin. Affected versions 2.13.1–2.13.2 are vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_unzip_file function. Authenticated attackers with Author-level access or higher can delete ar...

7.2CVSS7.2AI score0.0095EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/03 2:25 a.m.9 views

CVE-2025-13645 Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxunzipfile' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...

7.2CVSS7.2AI score0.0095EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/03 2:25 a.m.27 views

CVE-2025-13645 Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxunzipfile' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary...

7.2CVSS0.0095EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.5 views

WordPress plugin Modula Image Gallery 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

7.5CVSS6.8AI score0.00695EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.11 views

PT-2025-48789

Name of the Vulnerable Software and Affected Versions Modula Image Gallery plugin for WordPress versions 2.13.1 through 2.13.2 Description The Modula Image Gallery plugin for WordPress is susceptible to arbitrary file deletion due to inadequate file path validation within the ajax unzip file...

7.2CVSS7.1AI score0.0095EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.12 views

PT-2025-48790

Name of the Vulnerable Software and Affected Versions Modula Image Gallery plugin for WordPress versions 2.13.1 through 2.13.2 Description The Modula Image Gallery plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation. This issue is present in the...

7.5CVSS7.6AI score0.00695EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.4 views

Oracle Linux 10 : ELSA-2025-20478-0: / zziplib (ELSA-2025-204780)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-204780 advisory. 0.13.78-2 - Fix directory traversal in unzip binary - Disable the CVE tests during the check phase - the reproducers for these are downloaded from the github...

5.8CVSS5.9AI score0.01538EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/02 9:20 a.m.8 views

CVE-2025-13816

A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...

8.8CVSS6.4AI score0.00552EPSS
Exploits1References1
Rows per page
Query Builder