260 matches found
EUVD-2026-25699
A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServlet.java of the component deleteFileServlet Endpoint. Executing a manipulation of the argument...
CVE-2026-7024 rawchen sims deleteFileServlet Endpoint DeleteFileServlet.java path traversal
A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServlet.java of the component deleteFileServlet Endpoint. Executing a manipulation of the argument...
goshs has a file-based ACL authorization bypass in goshs state-changing routes
Summary goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload files with PUT, upload files with multipart POST /upload,...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the deleteFile function. An attacker can delete arbitrary files or directories on the server by sending specially crafted HTTP requests containing encoded path traversal sequences. PoC !/usr/bin/env bash Delete a...
PT-2026-30287
Name of the Vulnerable Software and Affected Versions goshs affected versions not specified Description A flaw exists in goshs that allows for arbitrary file or directory deletion due to a missing return statement after a path traversal check in the deleteFile function...
CVE-2026-34524
CVE-2026-34524 (SillyTavern) is a path-traversal vulnerability affecting the SillyTavern UI prior to version 1.17.0. An authenticated user could exploit avatar_url=".." to read and delete arbitrary files under their user data root via the chat endpoints /api/chats/export and /api/chats/delete. Co...
CVE-2026-4836 code-projects Accounting System delete.php sql injection
A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /myaccount/delete.php. Performing a manipulation of the argument cosid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public a...
EUVD-2026-10226
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno results in sql injection. The attack may be performed from remote. The exploit has been released t...
EUVD-2026-10202
A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...
CVE-2026-3695
CVE-2026-3695 affects SourceCodester Modern Image Gallery App 1.0. The vulnerability is in an affected function of /delete.php where filename manipulation enables path traversal. Exploitation can be remote; exploit code maturity is documented as PROOF-OF-CONCEPT. CVSS metrics across versions indi...
Code-Projects Simple Flight Ticket Booking System SQL注入漏洞
Code-Projects Simple Flight Ticket Booking System is a simple airline ticket booking system developed by Code-Projects. Version 1.0 of the Code-Projects Simple Flight Ticket Booking System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter...
PT-2026-23895
Name of the Vulnerable Software and Affected Versions SourceCodester Modern Image Gallery App version 1.0 Description A path traversal issue exists in SourceCodester Modern Image Gallery App version 1.0. The issue is located in the /delete.php file, specifically affecting an unknown function...
Meta Box Plugin for WordPress: Authenticated (Contributor+) Arbitrary File Deletion via ajax_delete_file
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-14675
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-14675
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-14675 Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-14675
The Meta Box WordPress plugin is affected by CVE-2025-14675 due to insufficient file path validation in the ajax_delete_file function, exposing all versions up to 5.11.1 to arbitrary file deletion. An authenticated attacker with Contributor-level access or higher can delete arbitrary files on the...
CVE-2026-2863
The CVE-2026-2863 entry describes a path-traversal vulnerability in the deleteFile function of FileServiceImpl.java within feng_ha_ha/megagao ssm-erp and production_ssm (up to a specific commit). Remote exploitability is stated, with a published exploit and continuous delivery practices noted. Pu...
CVE-2026-2863 feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java deleteFile path traversal
A flaw has been found in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...
Exploit for CVE-2026-2670
exploit-CVE-2026-2670 CVE-2026-2670 – Advantech WISE-6610...