Total
154 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49258 | 2026-04-01 | N/A | ||
| Path Traversal: '.../...//' vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through <= 1.5.7. | ||||
| CVE-2024-49249 | 2026-04-01 | N/A | ||
| Path Traversal: '.../...//' vulnerability in SMSA Express SMSA Shipping smsa-shipping-official allows Path Traversal.This issue affects SMSA Shipping: from n/a through <= 2.3. | ||||
| CVE-2024-47324 | 1 Ex-themes | 1 Wp Timeline | 2026-04-01 | N/A |
| Path Traversal: '.../...//' vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin wp-timelines.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through <= 3.6.7. | ||||
| CVE-2024-38706 | 1 Hasthemes | 1 Ht Mega | 2026-04-01 | 8.8 High |
| Path Traversal: '.../...//' vulnerability in DevItems HT Mega ht-mega-for-elementor.This issue affects HT Mega: from n/a through <= 2.5.7. | ||||
| CVE-2025-69325 | 2 Primersoftware, Wordpress | 2 Primer Mydata For Woocommerce, Wordpress | 2026-04-01 | 5.3 Medium |
| Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8. | ||||
| CVE-2025-67914 | 2 Beeteam368, Wordpress | 2 Vidmov, Wordpress | 2026-04-01 | 7.5 High |
| Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal.This issue affects VidMov: from n/a through <= 2.3.8. | ||||
| CVE-2025-64253 | 1 Wordpress | 2 Health Check & Troubleshooting, Wordpress | 2026-04-01 | 4.9 Medium |
| Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal.This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1. | ||||
| CVE-2025-58972 | 2 Barcode Scanner, Wordpress | 2 Barcode Scanner With Inventory & Order Manager, Wordpress | 2026-04-01 | 7.2 High |
| Path Traversal: '.../...//' vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Path Traversal.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.10.4. | ||||
| CVE-2025-48090 | 2 Cocobasic, Wordpress | 2 Blanka, Wordpress | 2026-04-01 | 8.2 High |
| Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through < 1.5. | ||||
| CVE-2025-39467 | 3 Mikado-themes, Qodeinteractive, Wordpress | 3 Wanderland, Wanderland, Wordpress | 2026-04-01 | 9.8 Critical |
| Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1. | ||||
| CVE-2025-22288 | 2 Wordpress, Wpmudev | 2 Wordpress, Smush Image Compression And Optimization | 2026-04-01 | 4.1 Medium |
| Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0. | ||||
| CVE-2026-25397 | 2 Snowray Software, Wordpress | 2 File Uploader For Woocommerce, Wordpress | 2026-03-27 | 7.5 High |
| Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4. | ||||
| CVE-2026-32415 | 2 Bogdan Bendziukov, Wordpress | 2 Squeeze, Wordpress | 2026-03-23 | 5 Medium |
| Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7. | ||||
| CVE-2026-1763 | 1 Ge Vernova | 1 Enervista | 2026-03-04 | 4.6 Medium |
| Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions. | ||||
| CVE-2025-47176 | 1 Microsoft | 5 365 Apps, Office, Office 2024 and 2 more | 2026-02-26 | 7.8 High |
| '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. | ||||
| CVE-2025-8088 | 3 Dtsearch, Microsoft, Rarlab | 3 Dtsearch, Windows, Winrar | 2026-02-26 | 8.8 High |
| A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. | ||||
| CVE-2025-20313 | 1 Cisco | 1 Ios Xe Software | 2026-02-26 | 6.7 Medium |
| Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. These vulnerabilities are due path traversal and improper image integrity validation. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. ERP | ||||
| CVE-2025-42937 | 1 Sap | 1 Sapsprint | 2026-02-26 | 9.8 Critical |
| SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application. | ||||
| CVE-2025-5454 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.4 Medium |
| An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-53880 | 1 Suse | 3 Manager, Manager Proxy, Manager Server | 2026-02-26 | N/A |
| A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses. | ||||