Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-27 | CVE-2025-1282 | Path Traversal vulnerability in Thememakers CAR Dealer Automotive The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_post_photo() and add_car() functions in all versions up to, and including, 1.6.3. | 8.8 |
| 2025-02-25 | CVE-2025-27142 | Path Traversal vulnerability in Localsend LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. | 8.8 |
| 2025-02-21 | CVE-2025-1543 | Path Traversal vulnerability in Iteachyou Dreamer CMS 4.1.3 A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. | 4.3 |
| 2025-02-20 | CVE-2025-27098 | Path Traversal vulnerability in The-Guild Graphql Mesh CLI and Graphql Mesh Http GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. | 7.5 |
| 2025-02-19 | CVE-2025-27092 | Path Traversal vulnerability in CMU Ghosts GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. | 7.5 |
| 2025-02-18 | CVE-2025-1035 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technolgies KLog Server allows Manipulating Web Input to File System Calls.This issue affects KLog Server: before 3.1.1. low complexity CWE-22 | 5.7 |
| 2025-02-18 | CVE-2024-13535 | Path Traversal vulnerability in Marcoingraiti Actionwear products Sync The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.0. | 5.3 |
| 2025-02-18 | CVE-2024-13538 | Path Traversal vulnerability in Bigbuy Dropshipping Connector for Woocommerce The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.19. | 5.3 |
| 2025-02-18 | CVE-2024-13725 | Path Traversal vulnerability in Keap Official OPT in Forms The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. | 9.8 |
| 2025-02-16 | CVE-2025-1357 | A vulnerability classified as problematic has been found in Seventh D-Guard up to 20250206. | 4.3 |