VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-05-15
CVE-2025-4720
A vulnerability was found in SourceCodester Student Result Management System 1.0.
network
low complexity
CWE-22
5.4
5.4
2025-05-15
CVE-2025-4564
The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18.
network
low complexity
CWE-22
critical
9.8
9.8
2025-05-15
CVE-2024-13914
The File Manager Advanced Shortcode WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-manager-pro-premium), via the 'file_manager_advanced' shortcode.
network
low complexity
CWE-22
7.2
7.2
2025-05-13
CVE-2025-43566
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read.
network
low complexity
CWE-22
6.8
6.8
2025-05-13
CVE-2025-30387
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
network
low complexity
CWE-22
critical
9.8
9.8
2025-05-11
CVE-2025-4530
A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0.
network
low complexity
CWE-22
4.3
4.3
2025-05-11
CVE-2025-4529
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2.
network
low complexity
CWE-22
4.3
4.3
2025-05-10
CVE-2025-2158
The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields.
network
low complexity
CWE-22
8.8
8.8
2025-05-09
CVE-2025-3897
The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function.
network
high complexity
CWE-22
5.9
5.9
2025-05-09
CVE-2025-4206
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'process_export_delete' and 'process_import_delete' functions in all versions up to, and including, 4.1.1.2.
network
low complexity
CWE-22
7.2
7.2
«
1
(current)
2
3
4
5
...
378
379
»
Next