Lucene search
K

365 matches found

CVE
CVE
added yesterday8 views

CVE-2026-61958

CVE-2026-61958 concerns the WordPress plugin “License Manager for WooCommerce” (license-manager-for-woocommerce) versions up to 3.0.17. The issue is a Missing Authorization vulnerability that allows exploitation through incorrectly configured access control, enabling arbitrary content deletion wi...

5.4CVSS6.1AI score0.00287EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.16 views

CVE-2025-69134

CVE-2025-69134: WordPress OpenAI Chatbot for WordPress – Helper plugin

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:36 p.m.6 views

CVE-2026-57331

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site = 7.4.8 versions...

9.9CVSS5.8AI score0.00344EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 10:10 p.m.11 views

EUVD-2026-38036

PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles...

3CVSS5.9AI score0.00112EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-57321

Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...

7.1CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.12 views

CVE-2026-56066

CVE-2026-56066 affects the WordPress ShortPixel Adaptive Images plugin up to version 3.11.4, describing an unauthenticated Arbitrary File Deletion vulnerability. The connected records confirm the affected product and the nature of the issue but do not provide details on attack vectors, root cause...

5.8CVSS5.8AI score0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52435

Name of the Vulnerable Software and Affected Versions JS Help Desk versions prior to 3.1.2 Description Low-privileged subscribers can remotely delete critical files due to a path traversal issue. Path traversal is a flaw that allows an attacker to access or manipulate files outside the intended...

7.7CVSS5.8AI score0.0045EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Flatpak

Flatpak is a Linux application sandboxing and distribution framework. Prior to version 1.16.4, the caching mechanism for ld.so removed outdated cache files without properly checking whether the app’s control over the path to the outdated cache was valid within the cache directory. This allowed...

8.7CVSS7.1AI score0.00323EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51671

Name of the Vulnerable Software and Affected Versions Advanced Contact Form 7 - Compact DB versions prior to 1.0.1 Description Unauthenticated attackers can delete arbitrary contact form submission entries stored in the wp cf7cdb data table. This occurs because the cf7cdb ajax delete user functio...

5.3CVSS5.9AI score0.00295EPSS
Exploits0References9
NVD
NVD
added 2026/06/17 1:19 p.m.11 views

CVE-2025-60223

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

7.7CVSS0.0045EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50414

Name of the Vulnerable Software and Affected Versions Fusion Builder versions prior to 3.15.5 Description A path traversal issue allows users with the Contributor role to delete arbitrary files on the server. Recommendations Limit user roles as a temporary mitigation measure. At the moment, there...

7.7CVSS5.3AI score0.00337EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/16 8:56 p.m.22 views

CVE-2025-69103 WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability

Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...

7.5CVSS0.00407EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:56 p.m.17 views

CVE-2025-69103

CVE-2025-69103 affects WordPress Brikk theme ≤ 3.0.0. According to the records, a Subscriber can cause Arbitrary Content Deletion. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, Low attack complexity, no privileges required, no user interaction, availability impact. No root-cause deta...

7.5CVSS5.2AI score0.00407EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.30 views

CVE-2026-49766 WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...

9.9CVSS0.00506EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 5:11 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the clearplugincache function. An attacker can cause deletion of arbitrary directories accessible to the server process by supplying crafted input containing directory traversal sequences. This can result in...

7.3CVSS6.5AI score0.0003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48538

Name of the Vulnerable Software and Affected Versions anyquery versions prior to 0.4.5 Description A path traversal issue exists in the SQL scalar function clear plugin cache within the namespace/other functions.go file. The function accepts a plugin argument and passes it to path.Join and...

7.3CVSS5.9AI score0.0003EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 12:0 a.m.11 views

CVE-2026-36726

An arbitrary file deletion vulnerability in the /api/delete-temp-license/file endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences...

5.6AI score0.00511EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/06 12:31 a.m.11 views

EUVD-2025-210080

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the deletecancelstagingsite function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...

3.8CVSS5.6AI score0.00263EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/05 7:43 p.m.21 views

skillctl: Path traversal and symlink-follow in skillctl allow arbitrary file disclosure and deletion

Impact skillctl 0.1.0 and 0.1.1 contained four path-safety vulnerabilities that, in combination, allowed an attacker to: 1. Exfiltrate arbitrary files on the operator's machine by publishing a malicious skills library containing a symlink inside a skill folder e.g. niania →...

5.6AI score
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/04 6:40 p.m.9 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References5
Rows per page
Query Builder