Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2025-05-26 CVE-2025-5159 Path Traversal vulnerability in H3C Seccenter Smp-1114P02
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513.
network
low complexity
h3c CWE-22
7.5
2025-05-26 CVE-2025-5160 Path Traversal vulnerability in H3C Seccenter Smp-1114P02
A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513.
network
low complexity
h3c CWE-22
7.5
2025-05-25 CVE-2025-5157 Path Traversal vulnerability in H3C Seccenter Smp-1114P02
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513.
network
low complexity
h3c CWE-22
7.5
2025-05-25 CVE-2025-5158 Path Traversal vulnerability in H3C Seccenter Smp-1114P02
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513.
network
low complexity
h3c CWE-22
7.5
2025-05-22 CVE-2025-4419 The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter.
network
low complexity
CWE-22
4.3
2025-05-21 CVE-2025-5029 A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical.
network
low complexity
CWE-22
5.4
2025-05-21 CVE-2025-4524 The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter.
network
low complexity
CWE-22
critical
9.8
2025-05-18 CVE-2025-4898 Path Traversal vulnerability in Munyweki Student Result Management System 1.0
A vulnerability was found in SourceCodester Student Result Management System 1.0.
network
low complexity
munyweki CWE-22
5.4
2025-05-18 CVE-2025-4868 A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd.
network
low complexity
CWE-22
6.3
2025-05-15 CVE-2025-4564 The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18.
network
low complexity
CWE-22
critical
9.8