Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2025-04-14 CVE-2025-3562 A vulnerability was found in Yonyou YonBIP MA2.7.
network
low complexity
CWE-22
4.3
2025-04-14 CVE-2025-3547 A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2.
network
low complexity
CWE-22
6.3
2025-04-11 CVE-2025-2636 The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter.
network
low complexity
CWE-22
critical
9.8
2025-04-08 CVE-2025-30290 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass.
network
low complexity
CWE-22
8.7
2025-04-08 CVE-2024-41792 A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions).
network
low complexity
CWE-22
8.6
2025-04-08 CVE-2025-2519 The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1.
network
low complexity
CWE-22
6.5
2025-04-06 CVE-2025-3317 A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f.
network
low complexity
CWE-22
4.3
2025-04-05 CVE-2025-2941 The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4.
network
low complexity
CWE-22
critical
9.8
2025-04-04 CVE-2025-2270 The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function.
network
high complexity
CWE-22
8.1
2025-04-04 CVE-2025-3214 A vulnerability has been found in JFinal CMS up to 5.2.4 and classified as problematic.
network
low complexity
CWE-22
4.3