| 2025-01-31 | CVE-2025-0493 | The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter. network low complexity CWE-22 critical | 9.8 |
| 2025-01-30 | CVE-2025-0572 | Path Traversal vulnerability in Santesoft Sante Pacs Server
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. | 4.3 |
| 2025-01-30 | CVE-2025-0573 | Path Traversal vulnerability in Santesoft Sante Pacs Server
Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. | 5.3 |
| 2025-01-30 | CVE-2024-13720 | Path Traversal vulnerability in Ivanm WP Image Uploader
The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to, and including, 1.0.1. | 9.1 |
| 2025-01-25 | CVE-2023-38012 | IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. | 5.3 |
| 2025-01-25 | CVE-2024-12885 | The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. | 6.5 |
| 2025-01-25 | CVE-2024-13550 | Path Traversal vulnerability in Paulrosen ABC Notation
The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. | 6.5 |
| 2025-01-24 | CVE-2025-0703 | A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. | 4.3 |
| 2025-01-19 | CVE-2024-45652 | IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2025-01-17 | CVE-2024-10799 | The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. | 6.5 |