CVE-2025-15546

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

XWiki - Information Disclosure

XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package. id: CVE-2025-55749 info: name:...

XWiki Platform - Information Disclosure

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. id: CVE-2025-55747 info: name: XWiki Platform - Information Disclosure author: Redmomn...

JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing

JetBackup WordPress plugin = 2.0.9.9 does not use index files to prevent directory listing in certain configurations, letting malicious actors leak backup files, exploit requires access to the web server. id: CVE-2023-7165 info: name: JetBackup = 2.0.9.7 - Sensitive Information Exposure via...

Vite - Path Traversal

Vite versions prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13 contain a file exposure vulnerability caused by improper handling of request URLs with '' in the dev server running on Node or Bun, letting attackers access arbitrary files, exploit requires the server to be exposed to the network an...

WordPress Core <=6.2 - Directory Traversal

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wplang’ parameter. id: CVE-2023-2745 info: name: WordPress Core =6.2 - Directory Traversal author: nqdung2002 severity: medium description: | WordPress Core is vulnerable to Directory Traversal in...

Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion

Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter. id: CVE-2009-1558 info: name: Cisco Linksys WVC54GCA 1.00R22/1.00R...

VertaAI ModelDB - Path Traversal

The endpoint "/api/v1/artifact/getArtifact?artifactpath=" is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifactpath parameter. id: CVE-2023-6023 info: name: VertaAI ModelDB - Path Traversal author:...

Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. id: CVE-2023-29887 info: name: Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion author: ctflearner severity: high description: | A Local...

Chuanhu Chat - Directory Traversal

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion

A directory traversal vulnerability in the iNetLanka Multiple Map commultimap component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1953 info: name: Joomla! Component iNetLanka Multiple Map 1.0 - Local Fil...

Joomla! Component Photo Battle 1.0.1 - Local File Inclusion

A directory traversal vulnerability in the Photo Battle comphotobattle component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. id: CVE-2010-1461 info: name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion author: daffainfo...

Adobe ColdFusion - Arbitrary File Read

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary...

NCBI ToolBox - Directory Traversal

NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files i.e., significant information disclosure or file deletion via the nph-viewgif.cgi query string. id: CVE-2018-16716 info: name: NCBI ToolBox -...

Clustering Local File Inclusion

Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id: CVE-2021-43496 inf...

11in1 CMS 1.2.1 - Local File Inclusion (LFI)

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. dot dot in the class parameter to 1 index.php or 2 admin/index.php. id: CVE-2012-0996 info: name: 11in1 CMS 1.2.1 - Local File Inclusion LFI author: daffainfo...

Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion

A directory traversal vulnerability in the J!WHMCS Integrator comjwhmcs component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1977 info: name: Joomla! Component J!WHMCS Integrator 1.5.0 - Local File...

Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion

A directory traversal vulnerability in the Preventive & Reservation compreventive component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1475 info: name: Joomla...

Joomla! Component Percha Fields Attach 1.0 - Directory Traversal

A directory traversal vulnerability in the Percha Fields Attach comperchafieldsattach component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2036 info: name:...

WordPress Ninja Job Board < 1.3.3 - Direct Request

WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes. id: CVE-2022-2544...