CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked | 53,242 with exploits | 4,725 exploited in the wild | 1,540 in CISA KEV | 3,918 Nuclei templates | 37,802 vendors | 42,493 researchers

352 results
CVE-2025-8050 | CVSS 6.5 MEDIUM | EPSS 0.00
Opentext Flipper - Path Traversal
External Control of File Name or Path vulnerability in OpenText Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.
CWE-73 Oct 21, 2025
CVE-2025-8048 | CVSS 6.5 MEDIUM | EPSS 0.00
Opentext Flipper - Path Traversal
External Control of File Name or Path vulnerability in OpenText Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2.
CWE-73 Oct 20, 2025
CVE-2025-11738 | CVSS 5.3 MEDIUM | EPSS 0.00
Media Library Assistant <3.29 - Info Disclosure
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can contain sensitive information.
CWE-73 Oct 18, 2025
CVE-2025-62382 | CVSS 7.7 HIGH | 1 Writeup | EPSS 0.00
Frigate <0.16.2 - Info Disclosure
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the publicly served clips directory, the feature can be abused to read arbitrary files that reside on the host running Frigate. In practice, a low-privilege user with API access can pivot from viewing camera footage to exfiltrating sensitive configuration files, secrets, or user data from the appliance itself. This behavior violates the principle of least privilege for the export subsystem and turns a convenience feature into a direct information disclosure vector, with exploitation hinging on a short race window while the background exporter copies the chosen file into place before cleanup runs. This vulnerability is fixed in 0.16.2.
CWE-73 Oct 15, 2025
CVE-2025-59483 | CVSS 6.5 MEDIUM | EPSS 0.00
Configuration Utility - Info Disclosure
A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CWE-73 Oct 15, 2025
CVE-2025-59292 | CVSS 8.2 HIGH | EPSS 0.00
Confidential Azure Container Instances - Privilege Escalation
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
CWE-73 Oct 14, 2025
CVE-2025-59291 | CVSS 8.2 HIGH | EPSS 0.00
Confidential Azure Container Instances - Privilege Escalation
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
CWE-73 Oct 14, 2025
CVE-2025-59244 | CVSS 6.5 MEDIUM | EPSS 0.00
Windows Core Shell - Path Traversal
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
CWE-73 Oct 14, 2025
CVE-2025-59200 | CVSS 7.7 HIGH | EPSS 0.00
Data Sharing Service Client - Spoofing
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.
CWE-362 Oct 14, 2025
CVE-2025-59185 | CVSS 6.5 MEDIUM | EPSS 0.00
Windows Core Shell - Path Traversal
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
CWE-73 Oct 14, 2025
CVE-2025-35053 | CVSS 6.4 MEDIUM | EPSS 0.00
Newforma <2023.1 - Auth Bypass
Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges. In Newforma before 2023.1, anonymous access is enabled by default (CVE-2025-35062), allowing an otherwise unauthenticated attacker to effectively authenticate as 'anonymous' and exploit this file upload vulnerability.
CWE-22 Oct 09, 2025
CVE-2025-10494 | CVSS 8.1 HIGH | EPSS 0.00
Motors - Car Dealership & Classified Listings Plugin <1.4.89 - Priv...
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CWE-73 Oct 08, 2025
CVE-2025-10306 | CVSS 3.8 LOW | EPSS 0.00
Backup Bolt <1.4.1 - Path Traversal
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download directories outside of the webroot and write backup zip files to arbitrary locations.
CWE-73 Oct 03, 2025
CVE-2025-58769 | CVSS 3.3 LOW | 1 Writeup | EPSS 0.00
Auth0-PHP <8.16.0 - Path Traversal
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. The vulnerability affects any application that either directly uses the Auth0-PHP SDK (versions 3.3.0–8.16.0) or indirectly relies on those versions through the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs. This issue is fixed in version 8.17.0.
CWE-22 Oct 01, 2025
CVE-2025-6237 | CVSS 9.8 CRITICAL | EPSS 0.00
Invokeai <6.0.0a1 - Path Traversal
A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/{bulk_download_item_name} endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including critical system files such as SSH keys, databases, and configuration files. This vulnerability results in high confidentiality, integrity, and availability impacts.
CWE-73 Sep 18, 2025
CVE-2025-10058 | CVSS 8.1 HIGH | EPSS 0.00
WP Import - Ultimate CSV XML Importer <7.27 - Privilege Escalation
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the upload_function() function in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CWE-73 Sep 17, 2025
CVE-2025-8422 | CVSS 7.5 HIGH | 1 PoC Analysis | EPSS 0.00
Propovoice: All-in-One Client Management System <1.7.6.7 - Info Dis...
The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.7.6.7 via the send_email() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
CWE-73 Sep 11, 2025
CVE-2025-59049 | CVSS 7.5 HIGH | 1 Writeup | Nuclei template | EPSS 0.02
Mockoon Commons-server < 9.2.0 - Path Traversal
Mockoon provides a way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving that follows the approach presented in the documentation page, where the server filename is generated via templating features from user input, is vulnerable to Path Traversal and LFI, allowing an attacker to get any file in the mock server filesystem. The issue may be particularly relevant in cloud hosted server instances. Version 9.2.0 fixes the issue.
CWE-22 Sep 10, 2025
CVE-2025-58762 | CVSS 9.1 CRITICAL | 1 Writeup | EPSS 0.01
Tautulli <2.15.3 - RCE
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the `pms_image_proxy` endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when combined with the `Script` notification agent. If an attacker with administrative access changes the URL of the PMS to a server they control, they can then abuse the `pms_image_proxy` to obtain a file write into the application filesystem. This can be done by making a `pms_image_proxy` request with a URL in the `img` parameter and the desired file name in the `img_format` parameter. Tautulli then uses a hash of the desired metadata together with the `img_format` in order to construct a file path. Since the attacker controls `img_format`, which occupies the end of the file path, and `img_format` is not sanitised, the attacker can then use path traversal characters to specify a filename of their choosing. If the specified file does not exist, Tautulli will then attempt to fetch the image from the configured PMS. Since the attacker controls the PMS, they can return arbitrary content in response to this request, which will then be written into the specified file. An attacker can write an arbitrary python script into a location on the application file system. The attacker can then make use of the built-in `Script` notification agent to run the local script, obtaining remote code execution on the application server. Users should upgrade to version 2.16.0 to receive a patch.
CWE-73 Sep 09, 2025
CVE-2025-55316 | CVSS 7.8 HIGH | EPSS 0.00
Azure Arc - Privilege Escalation
External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.
CWE-73 Sep 09, 2025