Lucene search
K

262 matches found

Cvelist
Cvelist
added 2026/02/21 6:2 a.m.26 views

CVE-2026-2863 feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java deleteFile path traversal

A flaw has been found in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...

5.5CVSS0.00369EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/02/20 2:43 a.m.160 views

Exploit for CVE-2026-2670

exploit-CVE-2026-2670 CVE-2026-2670 – Advantech WISE-6610...

8.6CVSS6.2AI score0.15346EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.9 views

CVE-2026-2670

A vulnerability was identified in Advantech WISE-6610 1.2.120251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpnapply of the component Background Management. Such manipulation of the argument deletefile leads to os command injection. The attack can be executed remotely...

8.6CVSS5.4AI score0.15346EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/02/18 9:2 p.m.24 views

CVE-2026-2670 Advantech WISE-6610 Background Management openvpn_apply os command injection

A vulnerability was identified in Advantech WISE-6610 1.2.120251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpnapply of the component Background Management. Such manipulation of the argument deletefile leads to os command injection. The attack can be executed remotely...

8.6CVSS0.15346EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2026/02/10 1:23 a.m.5 views

CVE-2026-2197

A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument testid causes sql injection. It is possible to initiate the attack remotely. The...

9.8CVSS5.5AI score0.00323EPSS
Exploits1References1
NVD
NVD
added 2026/02/09 1:16 a.m.6 views

CVE-2026-2197

A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument testid causes sql injection. It is possible to initiate the attack remotely. The...

9.8CVSS0.00323EPSS
Exploits1References5
OSV
OSV
added 2026/02/09 1:16 a.m.5 views

CVE-2026-2197

A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument testid causes sql injection. It is possible to initiate the attack remotely. The...

9.8CVSS5.7AI score0.00323EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/09 12:2 a.m.5 views

CVE-2026-2197

A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument testid causes sql injection. It is possible to initiate the attack remotely. The...

7.5CVSS5.5AI score0.00323EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/29 8:39 a.m.3 views

CVE-2026-23563 Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction

Improper Link Resolution Before File Access invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is...

5.7CVSS5.9AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/29 8:39 a.m.6 views

EUVD-2026-4980

Improper Link Resolution Before File Access invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is...

5.7CVSS5.9AI score0.00195EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/29 8:39 a.m.4 views

CVE-2026-23563

Improper Link Resolution Before File Access invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is...

5.7CVSS5.9AI score0.00195EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.10 views

CVE-2025-14629

The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'deletefile' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...

5.3CVSS5.7AI score0.00294EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.4 views

Code-Projects Intern Membership Management System SQL注入漏洞

Code-Projects Intern Membership Management System is a Code-Projects open source intern membership management system . Code-Projects Intern Membership Management System version 1.0 has a SQL injection vulnerability , the vulnerability stems from the wrong operation of the parameter adminid in the...

7.2CVSS5.7AI score0.00389EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.5 views

CVE-2025-14997

The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'deletefield' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

7.2CVSS7.2AI score0.00615EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/05 12:32 p.m.6 views

EUVD-2026-0855

A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate th...

6.5CVSS6.4AI score0.00315EPSS
Exploits1References8
OSV
OSV
added 2026/01/04 12:15 p.m.6 views

CVE-2026-0578

A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The explo...

9.8CVSS5.7AI score0.00466EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/04 12:0 a.m.7 views

PT-2026-1190

Name of the Vulnerable Software and Affected Versions code-projects Online Product Reservation System version 1.0 Description A flaw exists in an unknown functionality within the /handgunner-administrator/delete.php file. Manipulation of the ID parameter results in a SQL injection condition. This...

7.5CVSS7.3AI score0.00466EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.4 views

Code-Projects Content Management System SQL注入漏洞

Code-Projects Content Management System is a Code-Projects open source content and management system. A SQL injection vulnerability exists in code-projects Content Management System version 1.0, which stems from an incorrect manipulation of the parameter del in the file /admin/delete.php, which...

9.8CVSS7.1AI score0.00333EPSS
Exploits1References6
EUVD
EUVD
added 2025/12/31 12:31 a.m.5 views

EUVD-2022-55937

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands by making a single HTTP POST request to the...

8.5CVSS7AI score0.03744EPSS
Exploits2References6
NVD
NVD
added 2025/12/12 4:15 a.m.6 views

CVE-2025-14344

The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pluploadajaxdeletefile' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to delete arbitrar...

9.8CVSS0.00459EPSS
Exploits0References3
Rows per page
Query Builder