Local File Inclusion (LFI)

pythonmistralclient is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper validation of file paths in the 'Create Workbook' feature, which allows an attacker to include and read arbitrary local files from the system...

Directory Traversal

ComposioHQ is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the downloadfileordir function, which allows an attacker to manipulate file paths and access sensitive files or directories on the system...

Path Traversal

db-gpt is vulnerable to Path Traversal. The vulnerability is due to improper validation of uploaded file paths in the /v1/personal/agent/upload endpoint, which allows an attacker to write arbitrary files to sensitive locations and execute malicious code...

Directory Traversal

alexusmai laravel-file-manager is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the zip/archiving functionality, which allows an attacker to create crafted archives that include files and directories outside the intended scope...

CVE-2025-14344

The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pluploadajaxdeletefile' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrar...

CVE-2025-43465

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVE-2025-43463

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVE-2025-43463

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8.3, macOS Tahoe 26.1, macOS Sequoia 15.7.3. An app may be able to access sensitive user data...

CVE-2025-43465

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVE-2025-43463

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVE-2025-43463

CVE-2025-43463 describes a parsing issue in handling directory paths that was mitigated by improved path validation. It affects macOS Sonoma 14.8.3, macOS Tahoe 26.1, and macOS Sequoia 15.7.3, where an app may be able to access sensitive user data. The connected sources corroborate this path-vali...

EUVD-2025-203141

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8.3, macOS Tahoe 26.1, macOS Sequoia 15.7.3. An app may be able to access sensitive user data...

CVE-2025-43463

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVE-2025-43465

CVE-2025-43465 affects macOS Tahoe prior to 26.1, where a directory-path parsing flaw could allow an app to access sensitive user data. The issue was fixed in macOS Tahoe 26.1 via improved path validation. Remediation: update to macOS 26.1.

CVE-2025-43465

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

CVE-2025-43465

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

EUVD-2025-203003

The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pluploadajaxdeletefile' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrar...

CVE-2025-14344

The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pluploadajaxdeletefile' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrar...

CVE-2025-14344 Multi Uploader for Gravity Forms <= 1.1.7 - Unauthenticated Arbitrary File Deletion

The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pluploadajaxdeletefile' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrar...

CVE-2025-14344

CVE-2025-14344 : WordPress plugin Multi Uploader for Gravity Forms is vulnerable in all versions up to 1.1.7 due to insufficient file path validation in plupload_ajax_delete_file, enabling unauthenticated arbitrary file deletion on the server. Connected sources confirm the issue and note a patch ...