WordPress plugin User Extra Fields Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-44568
Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE Suricata (affected versions not specified). Description: This issue allows remote attackers to create arbitrary files on affected installations. Authentication is required for exploitation. The flaw is due to insufficient...
PT-2025-44526
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2011R1.9. Description: The software contains privilege escalation issues within scripts used for installing or updating system crontab entries. A local user with limited privileges could exploit...
EUVD-2025-36705
Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
Directory Traversal
Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied paths...
CVE-2025-11466
Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-34294
Wazuh's File Integrity Monitoring (FIM), when configured with automatic threat removal, contains a time-of-check/time-of-use (TOCTOU) race condition that can allow a local, low-privileged attacker to cause the Wazuh service running as NT AUTHORITY\SYSTEM to delete attacker-controlled files or paths...
CVE-2025-34294
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the behavior originates from a documentation-published Active Response example script. Please refer to this advisory: https://github.com/wazuh/wazuh-documentation/security/advisories/GHSA-46r5-xp98-fpgg...
CVE-2025-34294
...
ID Withdrawn
Wazuh File Integrity Monitoring is a file integrity monitoring software from Wazuh USA. A security vulnerability exists in Wazuh File Integrity Monitoring that stems from insufficient synchronization and inadequate final path validation in the threat removal workflow, which could lead to local...
CVE-2025-10916
The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...
EUVD-2025-35137
The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...
CVE-2025-10916
The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...
CVE-2025-10916 FormGent < 1.0.4 - Unauthenticated Arbitrary File Deletion
The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...
CVE-2025-10916
CVE-2025-10916 affects the FormGent WordPress plugin prior to 1.0.4. The vulnerability arises from insufficient file path validation, allowing unauthenticated attackers to delete arbitrary server files. Public references from multiple feeds (Pre‑published and after) corroborate the impact as unau...
WordPress plugin FormGent Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
ClipBucket Path Traversal Vulnerability
ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A path traversal vulnerability exists in ClipBucket version 5.5.2 - 146, which stems from insufficient validation of file load paths and could lead to a path traversal...
CVE-2023-7311
BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successfu...
CVE-2023-7311
CVE-2023-7311 affects the BYTEVALUE Intelligent Flow Control Router. A command-injection flaw exists in the /goform/webRead/open endpoint where the unvalidated path parameter is echoed into a shell, enabling arbitrary shell command execution. This can lead to writing backdoors, host privilege esc...
CVE-2025-42937 Directory Traversal vulnerability in SAP Print Service
SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and overwrite system files, causing high impact on confidentiality, integrity, and availability of the application...