2110 matches found
SUSE CVE-2025-53632
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation requires neither authentication nor authorization, so anyone can...
Directory Traversal
Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Directory Traversal via imprope...
CVE-2025-54794
Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw that uses prefix matching instead of canonical path comparison makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability t...
CVE-2025-54794 Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access
Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw that uses prefix matching instead of canonical path comparison makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability t...
PT-2025-31848 · Anthropic · Filesystem Mcp Server +1
Name of the Vulnerable Software and Affected Versions: Claude (affected versions not specified). Description: The Claude code exhibits vulnerabilities related to path validation. The system is generally scoped to a current working directory and requests user consent when accessing unfamiliar files o...
PT-2025-31834
Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 0.2.111. Description: Claude Code is an agentic coding tool affected by a path validation issue. This flaw uses prefix matching instead of canonical path comparison, allowing bypass of directory restrictions and...
CVE-2025-7694
The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wofficefilemanagerdelete function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and abov...
Path Traversal
Aim is vulnerable to Path Traversal. The vulnerability arises because the restorerunbackup function extracts crafted backup tar files without validating file paths, allowing remote attackers to write arbitrary files to the server's filesystem...
CVE-2025-43206
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data...
WordPress plugin NinjaScanner security vulnerability
WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...
CVE-2025-43206
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to access protected user data...
CVE-2025-43206
CVE-2025-43206 describes a local path traversal in macOS where directory-path parsing lacked sufficient validation. Fixed in macOS updates: Sequoia 15.6, Ventura 13.7.7, and Sonoma 14.7.7. The issue could let an app access protected user data; it was addressed with improved path validation. The CVSS v3.1 base sc...
CVE-2025-4370
The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on the processexternalasseturls function as well as missing path validation in the storefile function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated...
WordPress plugin Brizy security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-31345 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.7.7; macOS versions prior to 13.7.7; macOS versions prior to 15.6. Description: A parsing issue in the handling of directory paths existed due to insufficient path validation. This could allow an application to access...
CVE-2025-6989
The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-50185
DbGate is a cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...
Samsung MagicINFO 9 Server DeviceLogUploadServlet Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the DeviceLogUploadServlet class. The issue results from the lack of proper...