2143 matches found

Positive Technologies
added 2025/08/15 12:0 a.m. · 10 views

PT-2025-33459 · Unknown +1 · Nextgen Gallery +1

Name of the Vulnerable Software and Affected Versions: Assistant for NextGEN Gallery plugin for WordPress versions up to and including 1.0.9
Description: The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation i...

CVSS 7.5 · AI score 6.6 · EPSS 0.00495
Exploits: 0 · References: 8

Positive Technologies
added 2025/08/15 12:0 a.m. · 7 views

PT-2025-33463 · WordPress · Icons Factory

Name of the Vulnerable Software and Affected Versions: Icons Factory plugin for WordPress versions up to and including 1.6.12
Description: The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the dele...

CVSS 9.8 · AI score 7.6 · EPSS 0.00628
Exploits: 0 · References: 8

Zero Day Initiative
added 2025/08/13 12:0 a.m. · 6 views

Delta Electronics DIAView Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. The issue results fr...

CVSS 9.8 · AI score 7.7 · EPSS 0.10854
Exploits: 0 · References: 1

Zero Day Initiative
added 2025/08/13 12:0 a.m. · 4 views

Delta Electronics DIAView Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics DIAView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. The issue...

CVSS 7.5 · AI score 6.5 · EPSS 0.10854
Exploits: 0 · References: 1

NVD
added 2025/08/12 3:15 a.m. · 8 views

CVE-2025-5391

The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 8.1 · EPSS 0.00785
Exploits: 0 · References: 4

Vulnrichment
added 2025/08/12 2:24 a.m. · 3 views

CVE-2025-5391 WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion

The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 8.1 · AI score 7.9 · EPSS 0.00785
Exploits: 0 · References: 4

Cvelist
added 2025/08/12 2:24 a.m. · 7 views

CVE-2025-5391 WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion

The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 8.1 · EPSS 0.00785
Exploits: 0 · References: 4

CVE
added 2025/08/12 2:24 a.m. · 24 views

CVE-2025-5391

CVE-2025-5391 affects the WooCommerce Purchase Orders plugin for WordPress (versions ≤ 1.0.2). The vulnerability arises from insufficient file path validation in the delete_file() function, allowing authenticated attackers with Subscriber-level access or higher to delete arbitrary files on the se...

CVSS 8.1 · AI score 7.9 · EPSS 0.00785
Exploits: 0 · References: 4

CNVD
added 2025/08/11 12:0 a.m. · 3 views

Delta Electronics DIAView Catalog Traversal Vulnerability

Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A directory traversal vulnerability exists in Delta Electronics DIAView, which stems from a lack of validity checking of paths used by the program to process directory requests, and can be exploited by...

CVSS 9.3 · AI score 6.7 · EPSS 0.10854
Exploits: 0 · References: 1

CNVD
added 2025/08/10 12:0 a.m. · 1 view

WordPress NinjaScanner plugin file path validation deficiency vulnerability

WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...

CVSS 7.2 · AI score 7 · EPSS 0.00507
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/07 12:31 a.m. · 8 views

CVE-2025-54794

Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability t...

CVSS 7.7 · AI score 6.2 · EPSS 0.00852
Exploits: 0 · References: 1

SUSE CVE
added 2025/08/06 2:53 a.m. · 3 views

SUSE CVE-2025-53632

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...

CVSS 9.1 · AI score 7 · EPSS 0.00718
Exploits: 1 · References: 2

Snyk
added 2025/08/05 1:42 a.m. · 2 views

Directory Traversal

Overview: @anthropic-ai/claude-code is a package to use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Directory Traversal via imprope...

CVSS 7.7 · AI score 7.5 · EPSS 0.00852
Exploits: 0 · References: 2

NVD
added 2025/08/05 1:15 a.m. · 6 views

CVE-2025-54794

Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability t...

CVSS 9.1 · EPSS 0.00852
Exploits: 0 · References: 1

OSV
added 2025/08/05 12:8 a.m. · 4 views

CVE-2025-54794 Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access

Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability t...

CVSS 7.7 · AI score 6.8 · EPSS 0.00852
Exploits: 0 · References: 3

Positive Technologies
added 2025/08/04 12:0 a.m. · 7 views

PT-2025-31834

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 0.2.111
Description: Claude Code is an agentic coding tool affected by a path validation issue. This flaw uses prefix matching instead of canonical path comparison, allowing bypass of directory restrictions and...

CVSS 10 · AI score 5.9 · EPSS 0.00852
Exploits: 0 · References: 25

Positive Technologies
added 2025/08/04 12:0 a.m. · 4 views

PT-2025-31848 · Anthropic · Filesystem Mcp Server +1

Name of the Vulnerable Software and Affected Versions: Claude affected versions not specified
Description: The Claude code exhibits vulnerabilities related to path validation. The system is generally scoped to a current working directory and requests user consent when accessing unfamiliar files o...

AI score 7.4
Exploits: 0 · References: 2

NVD
added 2025/08/02 4:15 a.m. · 5 views

CVE-2025-7694

The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wofficefilemanagerdelete function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVSS 7.5 · EPSS 0.00845
Exploits: 0 · References: 3

Veracode
added 2025/08/01 11:31 a.m. · 4 views

Path Traversal

Aim is vulnerable to Path Traversal. The vulnerability is due to missing path validation due to the extraction of crafted backup tar files in the restorerunbackup function without validating file paths, allowing remote attackers to write arbitrary files to the server's filesystem...

CVSS 7 · AI score 7.3 · EPSS 0.00458
Exploits: 1 · References: 3 · Affected Software: 1

RedhatCVE
added 2025/08/01 12:6 a.m. · 3 views

CVE-2025-43206

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data...

CVSS 4 · AI score 5.8 · EPSS 0.00236
Exploits: 0 · References: 1