236 matches found
CISA Thorium multiple vulnerabilities
RISK EVALUATION CISA Thorium is a framework used for malware analysis. Multiple vulnerabilities were reported in Thorium. Impacts include denial of service, authenticated arbitrary file read, and failure to expire previously issued user tokens. 2. RECOMMENDED PRACTICES These issues were...
CVE-2025-10176 The Hack Repair Guy's Plugin Archiver <= 2.0.4 - Authenticated (Administrator+) Arbitrary File Deletion
The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the prepareitems function in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2025-10134
CVE-2025-10134 affects Goza – Nonprofit Charity WordPress Theme up to version 3.2.2. The flaw is in the alone_import_pack_restore_data() function, where insufficient file path validation allows an unauthenticated attacker to delete arbitrary server files (e.g., wp-config.php), with potential remo...
CVE-2025-7039
A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to...
CVE-2025-9048
The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delimgajaxcall function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
WordPress NinjaScanner plugin file path validation deficiency vulnerability
WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...
CVE-2025-7694
The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wofficefilemanagerdelete function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and abov...
WordPress plugin NinjaScanner 安全漏洞
WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...
CVE-2025-6989
The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-50185
DbGate is cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...
CVE-2025-6989
The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-6989 Kallyas <= 4.21.0 - Authenticated (Contributor+) Arbitrary Folder Deletion
The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-6989
CVE-2025-6989 (KALLYAS theme for WordPress) is an authenticated (Contributor+) vulnerability in all versions up to 4.21.0 where delete_font() uses insufficient file-path validation, enabling an attacker to delete arbitrary folders on the server. The issue, with CVSS 3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:...
PT-2025-30968 · WordPress · Kallyas
Name of the Vulnerable Software and Affected Versions: Kallyas versions prior to 4.21.1 Description: The Kallyas theme for WordPress is susceptible to arbitrary folder deletion due to inadequate file path validation within the delete font function. Authenticated attackers possessing...
PT-2025-30949 · Dbgate · Dbgate +1
Name of the Vulnerable Software and Affected Versions: DbGate versions 6.6.0 and below Description: DbGate, a cross-platform database manager, allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from...
Path Traversal
github.com/google/osv-scalibr is vulnerable to path traversal. The vulnerability is due to path traversal caused by improper validation of file paths when using the unpack function with the --remote-image flag on untrusted container images, allowing arbitrary file writes on the host system as the...
CVE-2025-7712
The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpmangadeletezip function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, whic...
CVE-2025-7360
CVE-2025-7360 (HT Contact Form Widget for Elementor / Gutenberg Blocks / Form Builder) The WordPress plugin versions up to 2.2.1 are vulnerable to an arbitrary file move due to insufficient file path validation in handle_files_upload(), allowing unauthenticated attackers to relocate files on the ...
WordPress plugin Alone 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2025-53623
CVE-2025-53623 details a code execution vulnerability in the Job Iteration API (extension for ActiveJob) prior to 1.11.0. The issue resides in the CsvEnumerator class, where untrusted input or CSV filenames can trigger arbitrary commands on the host system. Impact includes potential unauthorized ...