Total
154 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26124 | 1 Microsoft | 3 Aci Confidential Containers, Confidental Containers, Microsoft Aci Confidential Containers | 2026-04-09 | 6.7 Medium |
| '.../...//' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-2654 | 1 Filemanagerpro | 1 File Manager | 2026-04-08 | 6.8 Medium |
| The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information. | ||||
| CVE-2024-5481 | 1 10web | 1 Photo Gallery | 2026-04-08 | 6.8 Medium |
| The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors. | ||||
| CVE-2025-59793 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2026-04-03 | 9.9 Critical |
| Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution. | ||||
| CVE-2026-28265 | 1 Dell | 14 Powerstore, Powerstore 1000t, Powerstore 1200t and 11 more | 2026-04-03 | 4.4 Medium |
| PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. | ||||
| CVE-2025-53561 | 2 Miniorange, Wordpress | 2 Prevent Files \/ Folders Access, Wordpress | 2026-04-01 | N/A |
| Path Traversal: '.../...//' vulnerability in miniOrange Prevent files / folders access prevent-file-access allows Path Traversal.This issue affects Prevent files / folders access: from n/a through <= 2.6.0. | ||||
| CVE-2025-52811 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through <= 1.3. | ||||
| CVE-2025-52805 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Path Traversal: '.../...//' vulnerability in VaultDweller Leyka leyka allows PHP Local File Inclusion.This issue affects Leyka: from n/a through <= 3.32.1. | ||||
| CVE-2025-52712 | 2 Boldgrid, Wordpress | 2 Post And Page Builder By Boldgrid - Visual Drag And Drop Editor, Wordpress | 2026-04-01 | N/A |
| Path Traversal: '.../...//' vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Path Traversal.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8. | ||||
| CVE-2025-49451 | 2026-04-01 | N/A | ||
| Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through <= 1.0.13. | ||||
| CVE-2025-49297 | 1 Qodeinteractive | 1 Grill And Chow | 2026-04-01 | 9.8 Critical |
| Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6. | ||||
| CVE-2025-49296 | 1 Qodeinteractive | 1 Grandprix | 2026-04-01 | 9.8 Critical |
| Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6. | ||||
| CVE-2025-49295 | 1 Qodeinteractive | 1 Mediclinic | 2026-04-01 | 9.8 Critical |
| Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1. | ||||
| CVE-2025-48317 | 2026-04-01 | N/A | ||
| Path Traversal: '.../...//' vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay woocommerce-payment-gateway-for-saferpay allows Path Traversal.This issue affects WooCommerce Payment Gateway for Saferpay: from n/a through <= 0.4.9. | ||||
| CVE-2025-47649 | 2026-04-01 | N/A | ||
| Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.9. | ||||
| CVE-2025-47636 | 2026-04-01 | N/A | ||
| Path Traversal: '.../...//' vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through <= 0.91.0. | ||||
| CVE-2025-46441 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Path Traversal: '.../...//' vulnerability in ctltwp Section Widget section-widget allows Path Traversal.This issue affects Section Widget: from n/a through <= 3.3.1. | ||||
| CVE-2025-39598 | 2026-04-01 | N/A | ||
| Path Traversal: '.../...//' vulnerability in Quý Lê 91 Administrator Z administrator-z allows Path Traversal.This issue affects Administrator Z: from n/a through <= 2025.03.28. | ||||
| CVE-2025-39475 | 2026-04-01 | N/A | ||
| Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion.This issue affects Arlo: from n/a through <= 6.0.3. | ||||
| CVE-2025-39470 | 2026-04-01 | N/A | ||
| Path Traversal: '.../...//' vulnerability in ThimPress Ivy School ivy-school allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through <= 1.6.0. | ||||