2114 matches found

Positive Technologies
added 2025/04/25 12:0 a.m. · 3 views

PT-2025-17924 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2025.03.1 Description: The issue is related to improper path validation in the loggingPreset parameter. This could potentially allow for unauthorized access or manipulation of files. Recommendations: For...

9.8 CVSS · 6.2 AI score · 0.00446 EPSS
Exploits 0 · References 8

NVD
added 2025/04/24 9:15 a.m. · 14 views

CVE-2025-3065

The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote co...

9.1 CVSS · 0.00885 EPSS
Exploits 0 · References 3

Zero Day Initiative
added 2025/04/24 12:0 a.m. · 5 views

Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the extractFileFromZip method. The issue results from the lack of proper...

7.2 CVSS · 7.4 AI score · 0.01781 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/04/24 12:0 a.m. · 3 views

PT-2025-17875 · Allegra +1 · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. The specific flaw exists within the implementation of the isZipEntryValide method, which...

8.8 CVSS · 7.2 AI score · 0.0156 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/04/24 12:0 a.m. · 4 views

PT-2025-17874 · Allegra +1 · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this issue. The flaw exists within the implementatio...

8.8 CVSS · 7.3 AI score · 0.01781 EPSS
Exploits 0 · References 7

Positive Technologies
added 2025/04/24 12:0 a.m. · 3 views

PT-2025-17712 · Unknown · Database Toolset

Name of the Vulnerable Software and Affected Versions: Database Toolset plugin versions 1.8.4 and earlier Description: The issue is related to insufficient file path validation in a function, allowing unauthenticated attackers to delete arbitrary files on the server. This can lead to remote code...

9.1 CVSS · 9.6 AI score · 0.00885 EPSS
Exploits 0 · References 13

Zero Day Initiative
added 2025/04/24 12:0 a.m. · 18 views

Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the isZipEntryValide method. The issue results from the lack of proper...

7.2 CVSS · 7.5 AI score · 0.0156 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/04/19 12:0 a.m. · 3 views

PT-2025-17356 · WordPress · Clever - Html5 Radio Player With History - Shoutcast/Icecast - Elementor Widget Addon

Name of the Vulnerable Software and Affected Versions: CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress versions up to, and including, 2.4 Description: The issue is related to insufficient file path validation in the 'history.php' file...

7.5 CVSS · 7.8 AI score · 0.00329 EPSS
Exploits 0 · References 9

CNNVD
added 2025/04/19 12:0 a.m. · 3 views

WordPress plugin CLEVER security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.5 CVSS · 7.8 AI score · 0.00329 EPSS
Exploits 0 · References 2

NVD
added 2025/04/18 2:15 a.m. · 16 views

CVE-2025-3520

The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the...

8.1 CVSS · 0.00791 EPSS
Exploits 0 · References 3

OSV
added 2025/04/17 6:15 a.m. · 4 views

CVE-2025-3294

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...

7.2 CVSS · 7.9 AI score
Exploits 0 · References 2

NVD
added 2025/04/17 6:15 a.m. · 35 views

CVE-2025-3294

The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected...

7.2 CVSS · 0.00819 EPSS
Exploits 0 · References 2

OSV
added 2025/04/16 3:16 p.m. · 1 views

DEBIAN-CVE-2025-22079

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate l_tree_depth to avoid out-of-bounds access. The l_tree_depth field is 16-bit (__le16), but the actual maximum depth is limited to OCFS2_MAX_PATH_DEPTH. Add a check to prevent out-of-bounds access if l_tree_depth has an invalid...

7.1 CVSS · 5.6 AI score · 0.00178 EPSS
Exploits 0 · References 1

CVE
added 2025/04/15 3:21 p.m. · 71 views

CVE-2024-13177

CVE-2024-13177 affects Netskope Client on macOS where the postinstall script fails to validate the path of the nsinstallation file, allowing a local attacker to create a symlink to escalate privileges to a different file. Reported impact is privilege escalation with affected versions before 123.0...

5.2 CVSS · 6.7 AI score · 0.00124 EPSS
Exploits 0 · References 1

CNNVD
added 2025/04/15 12:0 a.m. · 2 views

Netskope Client security vulnerability

Netskope Client is a client program from Netskope USA for connecting to manage the Netskope Cloud Platform. A security vulnerability exists in Netskope Client that stems from a postinstall script that does not properly validate the path to the nsinstallation file, which could lead to elevation of...

5.2 CVSS · 6.6 AI score · 0.00124 EPSS
Exploits 0 · References 1

NVD
added 2025/04/08 8:15 a.m. · 4 views

CVE-2025-30014

SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don't have access to, hence causing a high impact on confidentiality. Integrity and Availability are...

7.7 CVSS · 0.00743 EPSS
Exploits 0 · References 2

CVE
added 2025/04/08 7:14 a.m. · 58 views

CVE-2025-30014

CVE-2025-30014 affects SAP Capital Yield Tax Management with a directory traversal vulnerability due to insufficient path validation. An attacker with low privileges could read files outside the intended directory, exposing confidentiality (integrity and availability unaffected). CVSS 3.1 base sc...

7.7 CVSS · 7.3 AI score · 0.00743 EPSS
Exploits 0 · References 2

Cvelist
added 2025/04/08 7:14 a.m. · 15 views

CVE-2025-30014 Directory Traversal vulnerability in SAP Capital Yield Tax Management

SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don't have access to, hence causing a high impact on confidentiality. Integrity and Availability are...

7.7 CVSS · 0.00743 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/04/08 12:0 a.m. · 3 views

PT-2025-15333 · WordPress · Simple Wp Events

Name of the Vulnerable Software and Affected Versions: Simple WP Events plugin for WordPress versions up to and including 1.8.17 Description: The issue arises from insufficient file path validation in the wpe delete file AJAX action, allowing unauthenticated attackers to delete arbitrary files on...

9.1 CVSS · 9.8 AI score · 0.00711 EPSS
Exploits 0 · References 8

RedhatCVE
added 2025/04/07 7:40 a.m. · 22 views

CVE-2025-2941

The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move...

9.8 CVSS · 8.1 AI score · 0.01374 EPSS
Exploits 0 · References 1