Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2025-03-24 CVE-2025-2708 A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1.
network
low complexity
CWE-22
5.4
2025-03-24 CVE-2025-2707 A vulnerability, which was classified as critical, has been found in zhijiantianya ruoyi-vue-pro 2.4.1.
network
low complexity
CWE-22
5.4
2025-03-22 CVE-2025-1973 The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function.
network
low complexity
CWE-22
4.9
2025-03-21 CVE-2025-30343 Path Traversal vulnerability in Openslides 3.2
A directory traversal issue was discovered in OpenSlides before 4.2.5.
network
low complexity
openslides CWE-22
6.5
2025-03-20 CVE-2024-13920 Path Traversal vulnerability in Webtoffee Order Export & Order Import for Woocommerce
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function.
network
low complexity
webtoffee CWE-22
4.9
2025-03-20 CVE-2024-8769 Path Traversal vulnerability in Aimstack AIM
A vulnerability in the `LockManager.release_locks` function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal.
network
low complexity
aimstack CWE-22
critical
9.1
2025-03-20 CVE-2025-2505 The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter.
network
low complexity
CWE-22
critical
9.8
2025-03-20 CVE-2025-1770 The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter.
network
low complexity
CWE-22
8.8
2025-03-19 CVE-2024-7631 A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json.
network
low complexity
CWE-22
4.3
2025-03-18 CVE-2025-0694 Insufficient path validation in CODESYS Control allows low privileged attackers with physical access to gain full filesystem access.
low complexity
CWE-22
6.6