Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE	CVE	VULNERABILITY TITLE	RISK
2025-05-15	CVE-2025-4720	A vulnerability was found in SourceCodester Student Result Management System 1.0. network low complexity CWE-22	5.4
2025-05-15	CVE-2025-4564	The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18. network low complexity CWE-22 critical	9.8
2025-05-15	CVE-2024-13914	The File Manager Advanced Shortcode WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-manager-pro-premium), via the 'file_manager_advanced' shortcode. network low complexity CWE-22	7.2
2025-05-13	CVE-2025-43566	ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. network low complexity CWE-22	6.8
2025-05-13	CVE-2025-30387	Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network. network low complexity CWE-22 critical	9.8
2025-05-11	CVE-2025-4530	A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. network low complexity CWE-22	4.3
2025-05-11	CVE-2025-4529	A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. network low complexity CWE-22	4.3
2025-05-10	CVE-2025-2158	The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. network low complexity CWE-22	8.8
2025-05-09	CVE-2025-3897	The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. network high complexity CWE-22	5.9
2025-05-09	CVE-2025-4206	The WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'process_export_delete' and 'process_import_delete' functions in all versions up to, and including, 4.1.1.2. network low complexity CWE-22	7.2