2143 matches found
PT-2025-33459 · Unknown +1 · Nextgen Gallery +1
Name of the Vulnerable Software and Affected Versions: Assistant for NextGEN Gallery plugin for WordPress versions up to and including 1.0.9 Description: The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation i...
PT-2025-33463 · WordPress · Icons Factory
Name of the Vulnerable Software and Affected Versions: Icons Factory plugin for WordPress versions up to and including 1.6.12 Description: The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the dele...
Delta Electronics DIAView Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. The issue results fr...
Delta Electronics DIAView Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics DIAView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. The issue...
CVE-2025-5391
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletefile function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-5391 WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletefile function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-5391 WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletefile function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-5391
CVE-2025-5391 affects the WooCommerce Purchase Orders plugin for WordPress (versions ≤ 1.0.2). The vulnerability arises from insufficient file path validation in the delete_file() function, allowing authenticated attackers with Subscriber-level access or higher to delete arbitrary files on the se...
Delta Electronics DIAView Catalog Traversal Vulnerability
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A directory traversal vulnerability exists in Delta Electronics DIAView, which stems from a lack of validity checking of paths used by the program to process directory requests, and can be exploited by...
WordPress NinjaScanner plugin file path validation deficiency vulnerability
WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...
CVE-2025-54794
Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability t...
SUSE CVE-2025-53632
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...
Directory Traversal
Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Directory Traversal via imprope...
CVE-2025-54794
Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability t...
CVE-2025-54794 Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access
Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability t...
PT-2025-31834
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 0.2.111 Description Claude Code is an agentic coding tool affected by a path validation issue. This flaw uses prefix matching instead of canonical path comparison, allowing bypass of directory restrictions and...
PT-2025-31848 · Anthropic · Filesystem Mcp Server +1
Name of the Vulnerable Software and Affected Versions: Claude affected versions not specified Description: The Claude code exhibits vulnerabilities related to path validation. The system is generally scoped to a current working directory and requests user consent when accessing unfamiliar files o...
CVE-2025-7694
The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wofficefilemanagerdelete function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and abov...
Path Traversal
Aim is vulnerable to Path Traversal. The vulnerability is due to missing path validation due to the extraction of crafted backup tar files in the restorerunbackup function without validating file paths, allowing remote attackers to write arbitrary files to the server's filesystem...
CVE-2025-43206
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data...