Lucene search

2110 matches found

Github Security Blog
added 2025/10/01 9:21 p.m. | 8 views

Auth0 Wordpress plugin Does Not Properly Handle File Types in Bulk User Import

Overview: In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

CVSS 3.3 | AI score 7.1 | EPSS 0.00334
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2025/10/01 9:20 p.m. | 7 views

auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import

Overview: In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

CVSS 3.3 | AI score 7.1 | EPSS 0.00334
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2025/10/01 8:18 p.m. | 50 views

CVE-2025-58769

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

CVSS 3.3 | EPSS 0.00334
Exploits: 0 | References: 6

Cvelist
added 2025/10/01 7:57 p.m. | 50 views

CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

CVSS 3.3 | EPSS 0.00334
Exploits: 0 | References: 6

OSV
added 2025/10/01 7:57 p.m. | 6 views

CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

CVSS 3.3 | AI score 6.7 | EPSS 0.00334
Exploits: 0 | References: 8

Positive Technologies
added 2025/10/01 12:0 a.m. | 2 views

PT-2025-40296

Name of the Vulnerable Software and Affected Versions: auth0-PHP versions 3.3.0 through 8.16.0. Description: The Bulk User Import endpoint does not validate file path wrappers or values, potentially allowing acceptance of arbitrary file paths or URLs. This affects applications directly using the...

CVSS 3.3 | AI score 6.8 | EPSS 0.00334
Exploits: 0 | References: 21

NVD
added 2025/09/26 7:15 a.m. | 6 views

CVE-2025-10307

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete backup functionality in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with...

CVSS 6.5 | EPSS 0.00607
Exploits: 0 | References: 2

Cvelist
added 2025/09/26 6:43 a.m. | 6 views

CVE-2025-10307 Backuply – Backup, Restore, Migrate and Clone <= 1.4.8 - Authenticated (Admin+) Arbitrary File Deletion

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete backup functionality in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with...

CVSS 6.5 | EPSS 0.00607
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/26 6:43 a.m. | 1 view

CVE-2025-10307 Backuply – Backup, Restore, Migrate and Clone <= 1.4.8 - Authenticated (Admin+) Arbitrary File Deletion

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete backup functionality in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with...

CVSS 6.5 | AI score 7 | EPSS 0.00607
Exploits: 0 | References: 2

CVE
added 2025/09/26 6:43 a.m. | 19 views

CVE-2025-10307

CVE-2025-10307 – Backuply WordPress plugin. Affected: Backuply – Backup, Restore, Migrate and Clone (all versions up to 1.4.8). Root cause: insufficient validation of file paths in the delete backup feature, enabling an authenticated attacker with Administrator+ privileges to delete arbitrary se...

CVSS 6.5 | AI score 7 | EPSS 0.00607
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/26 12:0 a.m. | 5 views

PT-2025-39517

Name of the Vulnerable Software and Affected Versions: Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions through 1.4.8. Description: The Backuply plugin for WordPress is susceptible to arbitrary file deletion because of inadequate file path validation within the delete back...

CVSS 6.5 | AI score 7.5 | EPSS 0.00607
Exploits: 0 | References: 6

SUSE CVE
added 2025/09/25 11:28 p.m. | 3 views

SUSE CVE-2025-9079

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

CVSS 7.2 | AI score 8.1 | EPSS 0.00599
Exploits: 0 | References: 2

OSV
added 2025/09/25 8:47 a.m. | 4 views

BIT-MLFLOW-2025-52967

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...

CVSS 5.8 | AI score 7 | EPSS 0.0037
Exploits: 0 | References: 4

Redos
added 2025/09/24 12:0 a.m. | 2 views

ROS-20250924-05

The Kea open source DHCP server vulnerability is related to input validation errors in the file path processing. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system. Kea open source DHCP server vulnerability is related to incorrect default permissions for...

CVSS 6.1 | AI score 6.8 | EPSS 0.0021
Exploits: 0

RedhatCVE
added 2025/09/21 7:24 p.m. | 5 views

CVE-2025-9079

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

CVSS 8 | AI score 8 | EPSS 0.00599
Exploits: 0 | References: 1

Snyk
added 2025/09/19 9:31 p.m. | 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via improper validation of the import directory path configuration. An attacker can execute arbitrary code by uploading a malicious plugin to the prepackaged plugins directory. This is only exploitable if the attacke...

CVSS 8 | AI score 7.7 | EPSS 0.00599
Exploits: 0 | References: 2

NVD
added 2025/09/19 8:15 p.m. | 23 views

CVE-2025-9079

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

CVSS 8 | EPSS 0.00599
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/17 10:46 p.m. | 13 views

CVE-2025-43298

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges...

CVSS 7.8 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/17 10:46 p.m. | 3 views

CVE-2025-43190

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data...

CVSS 5.5 | AI score 5.8 | EPSS 0.00253
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/17 10:46 p.m. | 4 views

CVE-2025-43314

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data...

CVSS 5.5 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 1