Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2025-04-29 CVE-2025-4078 A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400.
network
low complexity
CWE-22
4.3
4.3
2025-04-25 CVE-2025-1565 The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library/wave-audio/peaks/remote_dl.php file.
network
low complexity
CWE-22
7.5
7.5
2025-04-24 CVE-2025-3065 The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4.
network
low complexity
CWE-22
critical
 9.1
9.1
2025-04-24 CVE-2025-3300 The WPMasterToolKit (WPMTK) – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2.
network
low complexity
CWE-22
7.2
7.2
2025-04-20 CVE-2025-43928 Path Traversal vulnerability in Infodraw Pmrs-102 Firmware 7.1.0.0
In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field.
network
low complexity
infodraw CWE-22
critical
 9.8
9.8
2025-04-20 CVE-2025-43919 Path Traversal vulnerability in GNU Mailman
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter.
network
low complexity
gnu CWE-22
7.5
7.5
2025-04-19 CVE-2025-3404 The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12.
network
low complexity
CWE-22
8.8
8.8
2025-04-18 CVE-2025-3520 The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4.
network
low complexity
CWE-22
8.1
8.1
2025-04-17 CVE-2025-3294 The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1.
network
low complexity
CWE-22
7.2
7.2
2025-04-17 CVE-2025-3295 The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1.
network
low complexity
CWE-22
4.9
4.9