2117 matches found
CVE-2025-0694
CVE-2025-0694 affects CODESYS Control: insufficient path validation leads to a path traversal flaw that can grant a low-privileged attacker with physical access full filesystem access. The vulnerability is described across multiple feeds (NVD, Red Hat, CVE list) as a removable-media/path traversa...
CODESYS Control Path Traversal Vulnerability
CODESYS Control is a suite of industrial control programming software from CODESYS, Germany. CODESYS Control suffers from a path traversal vulnerability that stems from insufficient path validation, which could allow a low-privileged attacker to gain full file system access...
Semantic Segmentation Editor 1.6.0 Directory Traversal
Semantic Segmentation Editor version 1.6.0 suffers from multiple directory traversal vulnerabilities. Exploit Title: Semantic Segmentation Editor 1.6.0 - Directory Traversal File Upload Date: 2025-03-14 Exploit Author: Fatih Türüt defendzero.com Vendor Homepage: Hitachi Automotive & Industry Lab...
Path Traversal via Symbolic Links in `ObsidianReader`
Description: The ObsidianReader class, designed to parse Obsidian vaults, contains a critical security flaw that allows arbitrary file read through symbolic links (symlinks). When processing a vault, the reader does not resolve or validate the absolute paths of files, enabling an attacker to place a...
WordPress plugin CS Framework Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
CVE-2024-13780
The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenudeletemenu function in all versions up to, and including, 1.16.5. This makes it possible for unauthenticated attackers to delete...
CVE-2024-13780 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion
The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenudeletemenu function in all versions up to, and including, 1.16.5. This makes it possible for unauthenticated attackers to delete...
CVE-2024-13780
CVE-2024-13780 refers to the Hero Mega Menu - Responsive WordPress Menu Plugin (
WordPress plugin Hero Mega Menu Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
CVE-2024-13910
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'databasebackupajaxdelete' function in all versions up to, and including, 2.35. This makes it possible for authenticated...
PT-2025-8690 · Mautic +1 · Mautic/Core
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A file placement issue exists, allowing assets to be uploaded to unintended server directories. This is due to improper limitation of a pathname to a restricted directory, specifically in th...
Path Traversal
github.com/clidey/whodb/core is vulnerable to Path Traversal. The vulnerability is due to improper path validation due to the lack of checks when joining user-controlled database file names with the default directory, allowing an attacker to use path traversal (`../../`) to access any Sqlite3 databas...
CVE-2024-21542
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the extractpackagesarchive function...
CVE-2024-12066
The SMSA Shippingofficial plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsadeletelabel function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...
CVE-2024-3054
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstggetcustomexcludepathfree action. This is due to the plugin not providing sufficient path validation on the...
CVE-2024-10625
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2024-2914
A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to...
CVE-2024-11150
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...
CVE-2024-20449
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secur...
CVE-2024-28222
In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file...