| 2025-01-14 | CVE-2024-47566 | Path Traversal vulnerability in Fortinet Fortirecorder
A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. | 6.0 |
| 2025-01-09 | CVE-2024-11642 | The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locate_template' function. network low complexity CWE-22 critical | 9.8 |
| 2025-01-08 | CVE-2024-9939 | Path Traversal vulnerability in Iptanus Wordpress File Upload
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. | 7.5 |
| 2025-01-08 | CVE-2024-10585 | Path Traversal vulnerability in Revmakx Infinitewp Client
The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. | 5.3 |
| 2025-01-08 | CVE-2023-52953 | Path Traversal vulnerability in Huawei Emui and Harmonyos
Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 9.1 |
| 2025-01-07 | CVE-2024-12152 | The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. | 7.5 |
| 2025-01-07 | CVE-2024-12849 | The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. | 7.5 |
| 2025-01-04 | CVE-2024-41765 | Path Traversal vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2024-12-31 | CVE-2024-12105 | Path Traversal vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | 6.5 |
| 2024-12-24 | CVE-2024-12850 | The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. | 4.9 |