2148 matches found
DbGate 安全漏洞
DbGate is a database manager from the DbGate open source. A security vulnerability exists in DbGate 6.6.0 and earlier versions, which stems from insufficient file path validation and could lead to unauthorized file access...
WordPress plugin Kallyas 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
PT-2025-30968 · WordPress · Kallyas
Name of the Vulnerable Software and Affected Versions: Kallyas versions prior to 4.21.1 Description: The Kallyas theme for WordPress is susceptible to arbitrary folder deletion due to inadequate file path validation within the delete font function. Authenticated attackers possessing...
PT-2025-30949 · Dbgate · Dbgate +1
Name of the Vulnerable Software and Affected Versions: DbGate versions 6.6.0 and below Description: DbGate, a cross-platform database manager, allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from...
CVE-2025-8038
Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-8038
CVE-2025-8038 corresponds to a Mozilla framing/navigation vulnerability where Thunderbird ignored path checks when validating navigations in a frame. Affected products include Firefox before 141 and Firefox ESR before 140.1, and Thunderbird before 141 and before 140.1. Root cause per the sources ...
CVE-2025-8038
Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...
CVE-2025-51475
Arbitrary File Overwrite AFO in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...
CVE-2025-51475
Arbitrary File Overwrite AFO in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...
PT-2025-30455 · Unknown · Transformeroptimus/Superagi
Name of the Vulnerable Software and Affected Versions: TransformerOptimus SuperAGI version 0.0.14 Description: An arbitrary file overwrite issue exists in the superagi.controllers.resources.upload component. This allows remote attackers to overwrite arbitrary files by submitting unsanitized...
PT-2025-30487
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 141 Thunderbird versions prior to 140.1 Firefox versions prior to 141 Firefox ESR versions prior to 140.1 Description Thunderbird and Firefox incorrectly handled path validation during frame navigations. This issu...
Siemens SINEC NMS Path Traversal Vulnerability (CNVD-2025-16627)
Siemens SINEC NMS is a network management system NMS from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A path traversal vulnerability exists in Siemens SINEC NMS that stems...
CVE-2025-7359
The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitorgetblock function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary...
Path Traversal
github.com/google/osv-scalibr is vulnerable to path traversal. The vulnerability is due to path traversal caused by improper validation of file paths when using the unpack function with the --remote-image flag on untrusted container images, allowing arbitrary file writes on the host system as the...
CVE-2025-7712
The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpmangadeletezip function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, whic...
CVE-2025-7341
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the tempfiledelete function in all versions up to, and including, 2.2.1. This makes it possible for...
CVE-2025-7360
CVE-2025-7360 (HT Contact Form Widget for Elementor / Gutenberg Blocks / Form Builder) The WordPress plugin versions up to 2.2.1 are vulnerable to an arbitrary file move due to insufficient file path validation in handle_files_upload(), allowing unauthenticated attackers to relocate files on the ...
WordPress plugin HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in...
Siemens SINEC NMS Path Traversal Vulnerability (CNVD-2025-16629)
Siemens SINEC NMS is a network management system NMS from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A path traversal vulnerability exists in Siemens SINEC NMS that stems...
WordPress plugin Alone 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...