Lucene search
+L

236 matches found

ICS
ICS
added 2025/09/16 12:0 a.m.11 views

CISA Thorium multiple vulnerabilities

RISK EVALUATION CISA Thorium is a framework used for malware analysis. Multiple vulnerabilities were reported in Thorium. Impacts include denial of service, authenticated arbitrary file read, and failure to expire previously issued user tokens. 2. RECOMMENDED PRACTICES These issues were...

6.5CVSS7.3AI score0.00461EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/12 9:25 p.m.15 views

CVE-2025-10176 The Hack Repair Guy's Plugin Archiver <= 2.0.4 - Authenticated (Administrator+) Arbitrary File Deletion

The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the prepareitems function in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Administrator-level...

7.2CVSS0.0068EPSS
Exploits0References2
CVE
CVE
added 2025/09/09 8:22 a.m.31 views

CVE-2025-10134

CVE-2025-10134 affects Goza – Nonprofit Charity WordPress Theme up to version 3.2.2. The flaw is in the alone_import_pack_restore_data() function, where insufficient file path validation allows an unauthenticated attacker to delete arbitrary server files (e.g., wp-config.php), with potential remo...

9.1CVSS7.1AI score0.00524EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/09/03 1:52 a.m.6 views

CVE-2025-7039

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to...

3.7CVSS5.8AI score0.0037EPSS
Exploits0References3
NVD
NVD
added 2025/08/23 5:15 a.m.5 views

CVE-2025-9048

The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delimgajaxcall function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

8.1CVSS0.00588EPSS
Exploits0References3
CNVD
CNVD
added 2025/08/10 12:0 a.m.2 views

WordPress NinjaScanner plugin file path validation deficiency vulnerability

WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...

7.2CVSS7AI score0.00507EPSS
Exploits0References1
NVD
NVD
added 2025/08/02 4:15 a.m.7 views

CVE-2025-7694

The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wofficefilemanagerdelete function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and abov...

7.5CVSS0.00881EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/31 12:0 a.m.3 views

WordPress plugin NinjaScanner 安全漏洞

WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...

7.2CVSS6.9AI score0.00507EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/07/28 7:34 a.m.14 views

CVE-2025-6989

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

8.1CVSS6.3AI score0.00428EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/28 4:32 a.m.15 views

CVE-2025-50185

DbGate is cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...

8.3CVSS7.1AI score0.00407EPSS
Exploits0References1
NVD
NVD
added 2025/07/26 8:15 a.m.7 views

CVE-2025-6989

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

8.1CVSS0.00428EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/26 7:23 a.m.3 views

CVE-2025-6989 Kallyas <= 4.21.0 - Authenticated (Contributor+) Arbitrary Folder Deletion

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

8.1CVSS6.3AI score0.00428EPSS
Exploits0References2
CVE
CVE
added 2025/07/26 7:23 a.m.26 views

CVE-2025-6989

CVE-2025-6989 (KALLYAS theme for WordPress) is an authenticated (Contributor+) vulnerability in all versions up to 4.21.0 where delete_font() uses insufficient file-path validation, enabling an attacker to delete arbitrary folders on the server. The issue, with CVSS 3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:...

8.1CVSS6.4AI score0.00428EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/26 12:0 a.m.8 views

PT-2025-30968 · WordPress · Kallyas

Name of the Vulnerable Software and Affected Versions: Kallyas versions prior to 4.21.1 Description: The Kallyas theme for WordPress is susceptible to arbitrary folder deletion due to inadequate file path validation within the delete font function. Authenticated attackers possessing...

8.1CVSS6.7AI score0.00428EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/07/26 12:0 a.m.16 views

PT-2025-30949 · Dbgate · Dbgate +1

Name of the Vulnerable Software and Affected Versions: DbGate versions 6.6.0 and below Description: DbGate, a cross-platform database manager, allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from...

8.3CVSS6.1AI score0.00407EPSS
Exploits0References5
Veracode
Veracode
added 2025/07/17 10:20 a.m.4 views

Path Traversal

github.com/google/osv-scalibr is vulnerable to path traversal. The vulnerability is due to path traversal caused by improper validation of file paths when using the unpack function with the --remote-image flag on untrusted container images, allowing arbitrary file writes on the host system as the...

6.5CVSS6.4AI score0.00213EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/07/17 3:15 a.m.8 views

CVE-2025-7712

The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpmangadeletezip function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, whic...

9.1CVSS0.00817EPSS
Exploits0References2
CVE
CVE
added 2025/07/15 4:23 a.m.44 views

CVE-2025-7360

CVE-2025-7360 (HT Contact Form Widget for Elementor / Gutenberg Blocks / Form Builder) The WordPress plugin versions up to 2.2.1 are vulnerable to an arbitrary file move due to insufficient file path validation in handle_files_upload(), allowing unauthenticated attackers to relocate files on the ...

9.8CVSS6.7AI score0.01343EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/07/15 12:0 a.m.4 views

WordPress plugin Alone 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.1CVSS6.6AI score0.00533EPSS
Exploits0References3
CVE
CVE
added 2025/07/14 7:56 p.m.55 views

CVE-2025-53623

CVE-2025-53623 details a code execution vulnerability in the Job Iteration API (extension for ActiveJob) prior to 1.11.0. The issue resides in the CsvEnumerator class, where untrusted input or CSV filenames can trigger arbitrary commands on the host system. Impact includes potential unauthorized ...

9.3CVSS8.2AI score0.00706EPSS
Exploits0References4
Rows per page
Query Builder