4502 matches found
CVE-2026-58192
CVE-2026-58192 affects Appium’s storage-plugin: prior to 1.1.6, POST /storage/delete passes user-supplied name into path.join(storageRoot, name) and fs.rimraf() without sanitization, enabling an unauthenticated remote attacker to escape the storage root via ../ and delete arbitrary writable files...
Nevma Adaptive Images - Arbitrary File Deletion
Nevma Adaptive Images plugin before 0.6.67 for WordPress contains an arbitrary file deletion caused by unsanitized input in adaptive-images-script.php, letting remote attackers delete arbitrary files, exploit requires sending specific request parameters. id: CVE-2019-14206 info: name: Nevma...
CVE-2026-14487
The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...
CVE-2026-14487
The CVE-2026-14487 entry concerns the WordPress plugin Simple Coherent Form (SCF). Affected versions are all up to and including 2.4.13. The root cause is insufficient file path validation in the removeUploadDir function, enabling unauthenticated deletion of arbitrary server files (e.g., wp-confi...
CVE-2026-55631 DataEase: Path Traversal Leading to Arbitrary File Deletion via Font Management
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font...
CVE-2026-55631
DataEase exposes a path-traversal flaw in the font management module prior to version 2.10.24. Authenticated users could submit an arbitrary fileTransName when creating a font record; on deletion, the stored value is concatenated with the font storage directory and passed to FileUtils.deleteFile(...
WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...
CVE-2026-12277 Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Deletion via Saved File Metadata Path Traversal
The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...
CVE-2026-12277
The CVE-2026-12277 vulnerability affects the WordPress Frontend File Manager Plugin (through version 23.6). It describes an improper validation of a file path derived from user input when deleting a referenced file, enabling unauthenticated users to delete arbitrary server files (e.g., wp-config....
CVE-2026-59194
pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...
CVE-2026-59194
pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...
flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation
A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...
CVE-2026-9725
The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...
EUVD-2026-41488
The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...
CVE-2026-9725
The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...
CVE-2026-9725 Printcart Web to Print Product Designer for WooCommerce <= 2.5.2 - Unauthenticated Arbitrary File Deletion
The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...
CVE-2026-9725
The CVE-2026-9725 issue affects the Printcart Web to Print Product Designer for WooCommerce plugin for WordPress (versions
CVE-2026-7311
The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress (up to version 3.6.13) is vulnerable to arbitrary file deletion due to insufficient file path validation in delete_converted_image_size. Authenticated attackers with author-level access can delete arbitrary files on the server ...
CVE-2026-5821
The CVE-2026-5821 entry details a vulnerability in the WordPress Image Optimizer plugin (versions up to 1.7.4). The root cause is insufficient path validation in Image_Backup::remove(), where backup file paths stored in the image_optimizer_metadata post meta are used directly for deletion without...
EUVD-2026-41247
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...