2114 matches found

Positive Technologies
added 2025/06/25 12:0 a.m. · 4 views

PT-2025-26822 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: The Everest Forms Pro plugin for WordPress versions up to, and including, 1.9.4
Description: The issue is related to insufficient file path validation in the delete entry files function, allowing unauthenticated attackers to delete arbitrary...

CVSS 7.5 · AI score 7.5 · EPSS 0.0058
Exploits 0 · References 10
CNNVD
added 2025/06/25 12:0 a.m. · 2 views

WordPress plugin Everest Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress Everest Forms plugin that stems from insufficient path validation of the deleteentryfiles function, which can be exploited by an...

CVSS 7.5 · AI score 6.8 · EPSS 0.0058
Exploits 0 · References 4
PyPA
added 2025/06/23 3:15 p.m. · 8 views

PYSEC-2025-52

gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...

CVSS 5.8 · AI score 7 · EPSS 0.0037
Exploits 0 · References 4 · Affected Software 1
NVD
added 2025/06/23 3:15 p.m. · 5 views

CVE-2025-52967

gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...

CVSS 5.8 · EPSS 0.0037
Exploits 0 · References 3
Veracode
added 2025/06/23 7:25 a.m. · 4 views

Path Traversal

pythona2a is vulnerable to path traversal. The vulnerability is due to improper validation or sanitization of user-supplied file paths in the createworkflow function, which allows an attacker to access arbitrary files on the server by crafting malicious input that traverses directories...

CVSS 9.8 · AI score 7.1 · EPSS 0.0071
Exploits 1 · References 9 · Affected Software 1
CNNVD
added 2025/06/23 12:0 a.m. · 2 views

MLflow Code Issue Vulnerability

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A code issue vulnerability exists in MLflow versions prior to 3.1.0 that stems from a missing...

CVSS 5.8 · AI score 6.5 · EPSS 0.0037
Exploits 0 · References 5
CNNVD
added 2025/06/23 12:0 a.m. · 0 views

PHPGurukul Pre-School Enrollment System Project Security Vulnerability

The Pre-School Enrollment System Project is a preschool enrollment system project. A directory traversal vulnerability exists in Pre-School Enrollment System Project, which stems from a lack of validity checking of paths in the file update-teacher-pic.php when processing directory requests, and c...

CVSS 7.5 · AI score 6.7 · EPSS 0.00796
Exploits 1 · References 2
CNNVD
added 2025/06/23 12:0 a.m. · 3 views

PHPGurukul Pre-School Enrollment System Project Security Vulnerability

The Pre-School Enrollment System Project is a preschool enrollment system project. A directory traversal vulnerability exists in Pre-School Enrollment System Project, which stems from a lack of validity checking of paths in the file update-class-pic.php when processing directory requests, and can...

CVSS 7.5 · AI score 6.7 · EPSS 0.00818
Exploits 1 · References 2
Positive Technologies
added 2025/06/23 12:0 a.m. · 3 views

PT-2025-26619 · Unknown · Servicestack

Name of the Vulnerable Software and Affected Versions: ServiceStack affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of ServiceStack. The specific flaw exists within the implementation of the FindType method, which...

CVSS 8.1 · AI score 8.2 · EPSS 0.01128
Exploits 0 · References 6
Zero Day Initiative
added 2025/06/23 12:0 a.m. · 4 views

ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation o...

CVSS 8.1 · AI score 7.5 · EPSS 0.01128
Exploits 0 · References 1
Veracode
added 2025/06/18 8:44 a.m. · 4 views

Directory Traversal

Salt is vulnerable to directory traversal. The vulnerability is due to improper validation of file paths during cache creation, allowing attackers to write or overwrite files outside the intended cache directory...

CVSS 4.2 · AI score 4.3 · EPSS 0.00266
Exploits 0 · References 5 · Affected Software 1
CNVD
added 2025/06/17 12:0 a.m. · 2 views

SAP NetWeaver Visual Composer Directory Traversal Vulnerability

SAP NetWeaver Visual Composer is a graphical modeling environment in the SAP NetWeaver platform for rapid development and deployment of composite applications. A directory traversal vulnerability exists in SAP NetWeaver Visual Composer, which stems from insufficient input path validation, and can...

CVSS 7.6 · AI score 6 · EPSS 0.00594
Exploits 0 · References 1
RedhatCVE
added 2025/06/16 8:26 a.m. · 7 views

CVE-2025-6065

The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which c...

CVSS 9.1 · AI score 8.3 · EPSS 0.0082
Exploits 0 · References 1
Positive Technologies
added 2025/06/14 12:0 a.m. · 5 views

PT-2025-25482 · WordPress · Image Resizer On The Fly

Name of the Vulnerable Software and Affected Versions: Image Resizer On The Fly plugin for WordPress versions up to, and including, 1.1
Description: The issue is related to insufficient file path validation in the 'delete' task, allowing unauthenticated attackers to delete arbitrary files on the...

CVSS 9.1 · AI score 9.5 · EPSS 0.0082
Exploits 0 · References 10
Ubuntu
added 2025/06/10 5:11 p.m. · 5 views

USN-7563-1: .NET vulnerability

It was discovered that .NET did not properly validate search path in Microsoft.NETCore.App.Runtime. An attacker could possibly use this issue to execute arbitrary code...

CVSS 7.5 · AI score 7.2 · EPSS 0.0089
Exploits 0
CNNVD
added 2025/06/10 12:0 a.m. · 2 views

SAP NetWeaver Visual Composer Path Traversal Vulnerability

SAP NetWeaver Visual Composer is a graphical modeling environment in the SAP NetWeaver platform for rapid development and deployment of composite applications. A directory traversal vulnerability exists in SAP NetWeaver Visual Composer, which stems from insufficient input path validation, and can...

CVSS 7.6 · AI score 6.3 · EPSS 0.00594
Exploits 0 · References 4
RedhatCVE
added 2025/06/07 6:2 a.m. · 14 views

CVE-2025-3055

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteavatarajax function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS 8.1 · AI score 8 · EPSS 0.00687
Exploits 0 · References 1
OSV
added 2025/06/06 7:15 p.m. · 2 views

CVE-2025-3485

Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementati...

CVSS 8.8 · AI score 6.3 · EPSS 0.01781
Exploits 0 · References 2
Veracode
added 2025/06/05 11:3 a.m. · 6 views

Path Traversal

Python tarfile module is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during extraction with TarFile.extractall or TarFile.extract when using the filter="data" or filter="tar" parameter, which allows an attacker to craft a malicious tar archive that...

CVSS 9.4 · AI score 5.9 · EPSS 0.01184
Exploits 11 · References 16 · Affected Software 2
Veracode
added 2025/06/05 3:8 a.m. · 6 views

Directory Traversal

tar-fs is vulnerable to Directory traversal. The vulnerability is due to improper path validation during tarball extraction, allowing attackers to write files outside the target directory and potentially overwrite system files or inject malicious content...

CVSS 8.7 · AI score 6.7 · EPSS 0.00474
Exploits 0 · References 5 · Affected Software 1