Total: 381 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-12917 | | | 2025-02-24 | 8.3 High |
Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse. This issue affects Health4All: before 10.01.2025. | ||||
CVE-2024-34066 | 1 Pterodactyl | 1 Wings | 2025-02-21 | 8.5 High |
Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the `ignore_panel_config_updates` option as a workaround. | ||||
CVE-2022-35235 | 1 Xplodedthemes | 1 Wpide - File Manager & Code Editor | 2025-02-20 | 4.9 Medium |
Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | ||||
CVE-2022-33901 | 1 Multisafepay | 1 Multisafepay Plugin For Woocommerce | 2025-02-20 | 5.3 Medium |
Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress. | ||||
CVE-2022-31475 | 1 Givewp | 1 Givewp | 2025-02-20 | 5.5 Medium |
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | ||||
CVE-2022-29447 | 1 Wow-company | 1 Hover Effects | 2025-02-20 | 6.8 Medium |
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress. | ||||
CVE-2022-29446 | 1 Wow-company | 1 Counter Box | 2025-02-20 | 6.8 Medium |
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress. | ||||
CVE-2022-44634 | 1 Villatheme | 1 S2w - Import Shopify To Woocommerce | 2025-02-20 | 4.9 Medium |
Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress. | ||||
CVE-2022-4236 | 1 Welcart | 1 Welcart E-commerce | 2025-02-20 | 6.5 Medium |
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server. | ||||
CVE-2022-44583 | 1 Watchtowerhq | 1 Watchtower | 2025-02-20 | 7.5 High |
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. | ||||
CVE-2021-3493 | 1 Canonical | 1 Ubuntu Linux | 2025-02-19 | 8.8 High |
The overlayfs implementation in the Linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. | ||||
CVE-2023-25260 | 1 Stimulsoft | 1 Designer | 2025-02-19 | 7.5 High |
Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion. | ||||
CVE-2024-11629 | 1 Progress | 1 Telerik Document Processing Libraries | 2025-02-19 | 7.1 High |
In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF. | ||||
CVE-2024-3564 | 1 Vanderwijk | 1 Content Blocks | 2025-02-19 | 8.8 High |
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
CVE-2023-23330 | 1 Amano | 1 Xoffice | 2025-02-18 | 7.5 High |
Amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion. | ||||
CVE-2025-0509 | | | 2025-02-17 | 7.3 High |
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks. | ||||
CVE-2023-1124 | 1 Wpeasycart | 1 Wp Easycart | 2025-02-14 | 7.2 High |
The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. | ||||
CVE-2025-23421 | | | 2025-02-14 | 6.4 Medium |
An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications. | ||||
CVE-2023-50164 | 1 Apache | 1 Struts | 2025-02-13 | 9.8 Critical |
An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. | ||||
CVE-2024-6911 | 2 Perkin Elmer, Perkinelmer | 2 Process Plus, Processplus | 2025-02-13 | 7.5 High |
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus. This issue affects ProcessPlus: through 1.11.6507.0. |