
2097 matches found

Positive Technologies
added 2025/11/05 12:00 a.m., 2 views

PT-2025-45082

Name of the Vulnerable Software and Affected Versions: MelAbu WP Download Counter Button WordPress plugin versions through 1.8.6.7. Description: The plugin does not properly check the location of files before allowing downloads. This could allow someone without an account to access and download any...

5.3 CVSS, 6.4 AI score, 0.00134 EPSS
Exploits 0, References 4

OSV
added 2025/11/04 2:15 a.m., 0 views

CVE-2025-43382

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access sensitive user data...

5.5 CVSS, 5.7 AI score
Exploits 0, References 3

NVD
added 2025/11/04 2:15 a.m., 1 view

CVE-2025-43382

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data...

5.5 CVSS, 0.00022 EPSS
Exploits 0, References 3

CVE
added 2025/11/04 1:16 a.m., 7 views

CVE-2025-43382

CVE-2025-43382 describes a parsing issue in how macOS handles directory paths, addressed by improved path validation. Affected products include macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, and macOS Tahoe 26.1; an app may be able to access sensitive user data due to this logic/path validation flaw....

5.5 CVSS, 6.5 AI score, 0.00022 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2025/11/04 1:16 a.m., 6 views

CVE-2025-43382

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data...

0.00022 EPSS
Exploits 0, References 3

Vulnrichment
added 2025/11/04 1:16 a.m., 1 view

CVE-2025-43382

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access sensitive user data...

5.6 AI score, 0.00022 EPSS
Exploits 0, References 3

Positive Technologies
added 2025/11/03 12:00 a.m., 2 views

PT-2025-50994

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.8.3; macOS Tahoe versions prior to 26.1; macOS Sequoia versions prior to 15.7.3. Description: A flaw exists in how the operating system parses directory paths. This could allow an application to access sensitive...

5.5 CVSS, 6.4 AI score, 0.0002 EPSS
Exploits 0, References 7

CNNVD
added 2025/10/31 12:00 a.m., 2 views

WordPress plugin User Extra Fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...

8.8 CVSS, 7.6 AI score, 0.00956 EPSS
Exploits 0, References 3

Positive Technologies
added 2025/10/30 12:00 a.m., 5 views

PT-2025-44568

Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE Suricata (affected versions not specified). Description: This issue allows remote attackers to create arbitrary files on affected installations. Authentication is required for exploitation. The flaw is due to insufficient...

8.8 CVSS, 6.6 AI score, 0.23576 EPSS
Exploits 0, References 5

Positive Technologies
added 2025/10/30 12:00 a.m., 2 views

PT-2025-44526

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2011R1.9. Description: The software contains privilege escalation issues within scripts used for installing or updating system crontab entries. A local user with limited privileges could exploit...

7.3 CVSS, 6.7 AI score, 0.00018 EPSS
Exploits 0, References 5

EUVD
added 2025/10/29 9:30 p.m., 4 views

EUVD-2025-36705

Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

4.9 CVSS, 5.7 AI score, 0.08603 EPSS
Exploits 0, References 3

Snyk
added 2025/10/29 8:43 p.m., 3 views

Directory Traversal

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied paths...

9.8 CVSS, 8.4 AI score, 0.17936 EPSS
Exploits 0, References 2

NVD
added 2025/10/29 8:15 p.m., 4 views

CVE-2025-11466

Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

4.9 CVSS, 0.08603 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/10/29 4:04 p.m., 3 views

CVE-2025-34294

Wazuh's File Integrity Monitoring (FIM), when configured with automatic threat removal, contains a time-of-check/time-of-use (TOCTOU) race condition that can allow a local, low-privileged attacker to cause the Wazuh service running as NT AUTHORITY\SYSTEM to delete attacker-controlled files or paths...

7.1 CVSS, 6.8 AI score, 0.00016 EPSS
Exploits 0, References 1

NVD
added 2025/10/28 4:15 p.m., 4 views

CVE-2025-34294

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the behavior originates from a documentation-published Active Response example script. Please refer to this advisory https://github.com/wazuh/wazuh-documentation/security/advisories/GHSA-46r5-xp98-fpgg...

0.00016 EPSS
Exploits 0

Vulnrichment
added 2025/10/28 3:48 p.m., 2 views

CVE-2025-34294

...

6.5 AI score, 0.00016 EPSS
Exploits 0

CNNVD
added 2025/10/28 12:00 a.m., 1 view

ID withdrawn

Wazuh File Integrity Monitoring is a file integrity monitoring software from Wazuh USA. A security vulnerability exists in Wazuh File Integrity Monitoring that stems from insufficient synchronization and inadequate final path validation in the threat removal workflow, which could lead to local...

6.3 AI score, 0.00016 EPSS
Exploits 0, References 5

RedhatCVE
added 2025/10/22 6:15 a.m., 11 views

CVE-2025-10916

The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...

9.1 CVSS, 6.7 AI score, 0.00136 EPSS
Exploits 0, References 1

EUVD
added 2025/10/21 6:31 a.m., 4 views

EUVD-2025-35137

The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...

9.1 CVSS, 6.2 AI score, 0.00136 EPSS
Exploits 0, References 3

NVD
added 2025/10/21 6:15 a.m., 3 views

CVE-2025-10916

The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...

9.1 CVSS, 0.00136 EPSS
Exploits 0, References 1