260 matches found

EUVD
added 2026/04/26 6:45 a.m. | 6 views

EUVD-2026-25699

A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServlet.java of the component deleteFileServlet Endpoint. Executing a manipulation of the argument...

CVSS 5.5 | AI score 5.4 | EPSS 0.00372
Exploits: 0 | References: 4
Vulnrichment
added 2026/04/26 6:45 a.m. | 4 views

CVE-2026-7024 rawchen sims deleteFileServlet Endpoint DeleteFileServlet.java path traversal

A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServlet.java of the component deleteFileServlet Endpoint. Executing a manipulation of the argument...

CVSS 5.5 | AI score 5.3 | EPSS 0.00372
Exploits: 0 | References: 4
Github Security Blog
added 2026/04/10 8:0 p.m. | 7 views

goshs has a file-based ACL authorization bypass in goshs state-changing routes

Summary: goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload files with PUT, upload files with multipart POST /upload,...

CVSS 9.8 | AI score 6 | EPSS 0.00651
Exploits: 1 | References: 5 | Affected Software: 1
Snyk
added 2026/04/03 9:58 p.m. | 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the deleteFile function. An attacker can delete arbitrary files or directories on the server by sending specially crafted HTTP requests containing encoded path traversal sequences. PoC !/usr/bin/env bash Delete a...

CVSS 9.8 | AI score 6.3 | EPSS 0.00683
Exploits: 1 | References: 2
Positive Technologies
added 2026/04/03 12:0 a.m. | 1 view

PT-2026-30287

Name of the Vulnerable Software and Affected Versions: goshs (affected versions not specified). Description: A flaw exists in goshs that allows for arbitrary file or directory deletion due to a missing return statement after a path traversal check in the deleteFile function...

CVSS 9.8 | AI score 7.4 | EPSS 0.00683
Exploits: 1 | References: 16
CVE
added 2026/04/02 5:15 p.m. | 19 views

CVE-2026-34524

CVE-2026-34524 (SillyTavern) is a path-traversal vulnerability affecting the SillyTavern UI prior to version 1.17.0. An authenticated user could exploit avatar_url=".." to read and delete arbitrary files under their user data root via the chat endpoints /api/chats/export and /api/chats/delete. Co...

CVSS 8.8 | AI score 5.9 | EPSS 0.0057
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/26 1:52 a.m. | 33 views

CVE-2026-4836 code-projects Accounting System delete.php sql injection

A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /myaccount/delete.php. Performing a manipulation of the argument cosid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public a...

CVSS 6.5 | EPSS 0.00196
Exploits: 0 | References: 5
EUVD
added 2026/03/08 9:30 a.m. | 4 views

EUVD-2026-10226

A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno results in sql injection. The attack may be performed from remote. The exploit has been released t...

CVSS 7.5 | AI score 5.7 | EPSS 0.0037
Exploits: 1 | References: 7
EUVD
added 2026/03/08 3:30 a.m. | 4 views

EUVD-2026-10202

A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...

CVSS 6.9 | AI score 6.3 | EPSS 0.00785
Exploits: 1 | References: 7
CVE
added 2026/03/08 12:32 a.m. | 15 views

CVE-2026-3695

CVE-2026-3695 affects SourceCodester Modern Image Gallery App 1.0. The vulnerability is in an affected function of /delete.php where filename manipulation enables path traversal. Exploitation can be remote; exploit code maturity is documented as PROOF-OF-CONCEPT. CVSS metrics across versions indi...

CVSS 6.9 | AI score 6.3 | EPSS 0.00785
Exploits: 1 | References: 6 | Affected Software: 1
CNNVD
added 2026/03/08 12:0 a.m. | 5 views

Code-Projects Simple Flight Ticket Booking System SQL Injection Vulnerability

Code-Projects Simple Flight Ticket Booking System is a simple airline ticket booking system developed by Code-Projects. Version 1.0 of the Code-Projects Simple Flight Ticket Booking System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter...

CVSS 9.8 | AI score 7.2 | EPSS 0.0037
Exploits: 1 | References: 7
Positive Technologies
added 2026/03/08 12:0 a.m. | 6 views

PT-2026-23895

Name of the Vulnerable Software and Affected Versions: SourceCodester Modern Image Gallery App version 1.0. Description: A path traversal issue exists in SourceCodester Modern Image Gallery App version 1.0. The issue is located in the /delete.php file, specifically affecting an unknown function...

CVSS 6.9 | AI score 6.6 | EPSS 0.00785
Exploits: 1 | References: 12
Github Security Blog
added 2026/03/07 9:30 a.m. | 8 views

Meta Box Plugin for WordPress: Authenticated (Contributor+) Arbitrary File Deletion via ajax_delete_file

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 7.2 | AI score 6.4 | EPSS 0.00654
Exploits: 0 | References: 8 | Affected Software: 1
NVD
added 2026/03/07 8:16 a.m. | 6 views

CVE-2025-14675

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 7.2 | EPSS 0.00654
Exploits: 0 | References: 5
ATTACKERKB
added 2026/03/07 7:22 a.m. | 3 views

CVE-2025-14675

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 7.2 | AI score 6.4 | EPSS 0.00654
Exploits: 0 | References: 6
Cvelist
added 2026/03/07 7:22 a.m. | 32 views

CVE-2025-14675 Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 7.2 | EPSS 0.00654
Exploits: 0 | References: 5
CVE
added 2026/03/07 7:22 a.m. | 20 views

CVE-2025-14675

The Meta Box WordPress plugin is affected by CVE-2025-14675 due to insufficient file path validation in the ajax_delete_file function, exposing all versions up to 5.11.1 to arbitrary file deletion. An authenticated attacker with Contributor-level access or higher can delete arbitrary files on the...

CVSS 7.2 | AI score 6.4 | EPSS 0.00654
Exploits: 0 | References: 5
CVE
added 2026/02/21 6:2 a.m. | 16 views

CVE-2026-2863

The CVE-2026-2863 entry describes a path-traversal vulnerability in the deleteFile function of FileServiceImpl.java within feng_ha_ha/megagao ssm-erp and production_ssm (up to a specific commit). Remote exploitability is stated, with a published exploit and continuous delivery practices noted. Pu...

CVSS 5.5 | AI score 5.3 | EPSS 0.00369
Exploits: 0 | References: 5
Cvelist
added 2026/02/21 6:2 a.m. | 25 views

CVE-2026-2863 feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java deleteFile path traversal

A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...

CVSS 5.5 | EPSS 0.00369
Exploits: 0 | References: 5
GithubExploit
added 2026/02/20 2:43 a.m. | 155 views

Exploit for CVE-2026-2670

exploit-CVE-2026-2670 CVE-2026-2670 – Advantech WISE-6610...

CVSS 8.6 | AI score 6.2 | EPSS 0.15346
Exploits: 2