Total
146 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52712 | 2 Boldgrid, Wordpress | 2 Post And Page Builder By Boldgrid - Visual Drag And Drop Editor, Wordpress | 2025-08-14 | 4.2 Medium |
| Path Traversal vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Path Traversal. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8. | ||||
| CVE-2025-30515 | 1 Cyberdata | 2 011209 Sip Emergency Intercom, 011209 Sip Emergency Intercom Firmware | 2025-08-12 | 9.8 Critical |
| CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system. | ||||
| CVE-2024-56213 | 2 Themewinter, Wordpress | 2 Eventin, Wordpress | 2025-08-11 | 6.5 Medium |
| Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7. | ||||
| CVE-2025-53417 | 1 Delta Electronics | 1 Diaview | 2025-08-05 | N/A |
| DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability | ||||
| CVE-2021-1132 | 1 Cisco | 1 Network Services Orchestrator | 2025-08-05 | 5.3 Medium |
| A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2020-26073 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2025-08-04 | 7.5 High |
| A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2025-20320 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-07-21 | 6.3 Medium |
| In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will. | ||||
| CVE-2025-52810 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.1 High |
| Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1. | ||||
| CVE-2025-52811 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.1 High |
| Path Traversal vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme allows PHP Local File Inclusion. This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through 1.3. | ||||
| CVE-2025-52805 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.5 High |
| Path Traversal vulnerability in VaultDweller Leyka allows PHP Local File Inclusion. This issue affects Leyka: from n/a through 3.31.9. | ||||
| CVE-2025-46441 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal.This issue affects Section Widget: from n/a through 3.3.1. | ||||
| CVE-2024-52447 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.6 High |
| Path Traversal: '.../...//' vulnerability in Corporate Zen Contact Page With Google Map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through 1.6.1. | ||||
| CVE-2024-56214 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.3 High |
| Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro allows Path Traversal.This issue affects Userpro: from n/a through 5.1.9. | ||||
| CVE-2025-25122 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.1 High |
| Path Traversal vulnerability in NotFound WizShop allows PHP Local File Inclusion. This issue affects WizShop: from n/a through 3.0.2. | ||||
| CVE-2025-22786 | 2 Elementinvader, Wordpress | 2 Elementinvader Addons For Elementor, Wordpress | 2025-07-12 | 7.5 High |
| Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6. | ||||
| CVE-2024-10857 | 1 Tychesoftwares | 1 Product Input Fields For Woocommerce | 2025-07-09 | 6.5 Medium |
| The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2025-40573 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-07-08 | 4.4 Medium |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder. | ||||
| CVE-2025-27445 | 2025-06-19 | 5.4 Medium | ||
| A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files | ||||
| CVE-2023-5800 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2025-06-17 | 5.4 Medium |
| Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2025-49451 | 2025-06-17 | 7.5 High | ||
| Path Traversal vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery allows Path Traversal. This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through 1.0.12. | ||||