aap-gateway: Improper Path Validation in Gateway Allows Credential Exfiltration

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2025:23069)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23069 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

Jenkins Redpen - Pipeline Reporter for Jira Plugin 安全漏洞

Jenkins Redpen - Pipeline Reporter for Jira Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and prior versions, which stems from failure to properly validate workspace directory paths, which cou...

CVE-2025-65897

zdhweb is a data collection, processing, monitoring, scheduling, and management platform. In zdhweb thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files...

Emlog Pro 安全漏洞

Emlog Pro is a blogging system of Emlog open source. A security vulnerability exists in Emlog Pro version 2.5.20, which stems from a lack of path validation in the admin/template.php and admin/plugin.php components, which could result in the deletion of arbitrary files...

CVE-2025-13377

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...

CVE-2025-13377 10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the getcachedirforpagefromurl function in all versions up to, and including, 2.32.7. This makes it possible for...

CVE-2025-65897

zdhweb is a data collection, processing, monitoring, scheduling, and management platform. In zdhweb thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files...

CVE-2025-65897

zdhweb is a data collection, processing, monitoring, scheduling, and management platform. In zdhweb thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files...

CVE-2025-65897

CVE-2025-65897 affects zdh_web up to version 5.6.17. The issue is insufficient validation of file upload paths, allowing an authenticated user to write arbitrary files to the server filesystem, potentially overwriting files and enabling privilege escalation or remote code execution. Multiple sour...

CVE-2025-65897

zdhweb is a data collection, processing, monitoring, scheduling, and management platform. In zdhweb thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files...

PT-2025-49259

Name of the Vulnerable Software and Affected Versions zdh web versions through 5.6.17 Description zdh web is a data collection, processing, monitoring, scheduling, and management platform. Insufficient validation of file upload paths allows an authenticated user to write arbitrary files to the...

alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

CVE-2025-65346

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths...

PT-2025-49047

Name of the Vulnerable Software and Affected Versions alexusmai laravel-file-manager versions 3.3.1 and below Description The laravel-file-manager software contains a flaw related to directory traversal. The unzip/extraction functionality does not properly validate extraction paths, which allows...

GHSA-RR44-8J7R-JG2Q alexusmai laravel-file-manager is vulnerable to Directory Traversal

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation...

alexusmai laravel-file-manager is vulnerable to Directory Traversal

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation...