Lucene search
+L

236 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:45 a.m.8 views

CVE-2025-40737

A vulnerability has been identified in SINEC NMS All versions V4.0. The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privilege...

8.8CVSS7.6AI score0.07166EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/01/09 7:53 a.m.3 views

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

9.8CVSS6AI score0.00707EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.20 views

CVE-2025-1972

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level...

6.5CVSS7AI score0.00371EPSS
Exploits0References1
Veracode
Veracode
added 2026/01/05 5:48 a.m.10 views

Path Traversal

AdonisJS is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during multipart file handling, which allows a remote attacker to write arbitrary files to arbitrary locations on the server filesystem...

9.2CVSS7.1AI score0.01063EPSS
Exploits3References6Affected Software1
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.7 views

Home Assistant 安全漏洞

Home Assistant is an open source home automation management system from Home Assistant Open Source. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant versions prior to 2025.8.0 that stems from insufficient file path validation and...

4CVSS6.3AI score0.00362EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/26 7:58 a.m.21 views

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

6.5CVSS5.9AI score0.00471EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/08 9:28 a.m.10 views

CVE-2025-12092 CYAN Backup <= 2.5.4 - Authenticated (Admin+) Arbitrary File Deletion

The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...

6.5CVSS0.00708EPSS
Exploits0References3
NVD
NVD
added 2025/11/05 6:15 a.m.4 views

CVE-2025-11072

The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files...

5.3CVSS0.00319EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.5 views

PT-2025-45082

Name of the Vulnerable Software and Affected Versions MelAbu WP Download Counter Button WordPress plugin versions through 1.8.6.7 Description The plugin does not properly check the location of files before allowing downloads. This could allow someone without an account to access and download any...

5.3CVSS6.4AI score0.00319EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.5 views

WordPress plugin User Extra Fields 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS7.6AI score0.0064EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-11971

Malware in sbrugna...

7.8CVSS6.9AI score0.00821EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-10034

Malware in sbrugna...

7.8CVSS7.4AI score0.01004EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/06 6:14 a.m.16 views

CVE-2025-58769

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

3.3CVSS7AI score0.00329EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-34210

Malicious code in bioql PyPI...

8.6CVSS7.6AI score0.00462EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-51169

Malicious code in bioql PyPI...

6.5CVSS8.9AI score0.0055EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-11807

Malicious code in bioql PyPI...

8.1CVSS8.7AI score0.00853EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-11515

Malicious code in bioql PyPI...

7.2CVSS7.7AI score0.00884EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.18 views

EUVD-2025-21413

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.01343EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-22782

Malicious code in bioql PyPI...

8.1CVSS6.5AI score0.00428EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2444

Malicious code in bioql PyPI...

9.1CVSS9AI score0.00924EPSS
Exploits1References5
Rows per page
Query Builder