Lucene search
+L

198 matches found

nvd
nvd
added 4 days ago3 views

CVE-2026-15684

Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...

7.3CVSS0.00142EPSS
Exploits0References1
cve
cve
added 4 days ago8 views

CVE-2026-15684

CVE-2026-15684 affects Glarysoft Glary Utilities. The flaw resides in the Disk Clean functionality, where an attacker who can run low-privileged code can abuse a folder junction to delete arbitrary files, enabling a local privilege escalation to SYSTEM and potential arbitrary code execution. The ...

7.3CVSS7.2AI score0.00142EPSS
Exploits0References1
euvd
euvd
added last week6 views

EUVD-2026-43000

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with import and assets.update permissions can place a path traversal string in an asset image field through CSV import and then trigger image deletion, allowing deletion of arbitrary files accessible to the...

6.5CVSS6.2AI score0.00378EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/07/08 6:40 a.m.13 views

CVE-2026-59194

A flaw was found in pnpm, a package manager. A remote attacker could exploit this vulnerability by providing a specially crafted patch entry. This crafted entry could resolve outside the configured patches directory, allowing for the deletion of an arbitrary file when pnpm patch-remove is execute...

7.1CVSS6AI score0.00257EPSS
Exploits1References4
euvd
euvd
added 2026/07/02 6:32 p.m.7 views

EUVD-2026-41418

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...

8.1CVSS6.5AI score0.0067EPSS
Exploits0References6
osv
osv
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-254 AgentScope path traversal vulnerability

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling t...

9.1CVSS7.4AI score0.00953EPSS
Exploits1References8
nvd
nvd
added 2026/06/15 2:16 p.m.12 views

CVE-2016-20076

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the deletebackupfile and downloadbackupfile parameters in tools.php. Attackers can exploit insufficient input validation usi...

8.7CVSS0.00601EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.20 views

PT-2026-49214

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete backup file and download backup file parameters in tools.php. Attackers can exploit insufficient input validation...

8.7CVSS5.5AI score0.00601EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/03 10:38 a.m.9 views

CVE-2026-35076 Arbitrary file delete vulnerability in method bac-scanresult

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/29 10:49 a.m.39 views

CVE-2025-41268

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

8.8CVSS0.00437EPSS
Exploits0References1
cve
cve
added 2026/05/28 2:39 a.m.37 views

CVE-2026-9789

The CVE-2026-9789 entry describes a Local Privilege Escalation affecting Acer NitroSense software prior to 3.01.3052. The root cause is a PSAdminAgent service that creates a Named Pipe with a weak ACL, allowing any authenticated local user to connect and issue commands. The service does not verif...

8.5CVSS5.9AI score0.00152EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.13 views

PT-2026-44171

A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...

8.5CVSS5.9AI score0.00152EPSS
Exploits1References2
euvd
euvd
added 2026/05/27 9:11 a.m.12 views

EUVD-2026-32162

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites...

9.3CVSS5.9AI score0.00267EPSS
Exploits0References1
nvd
nvd
added 2026/05/17 1:16 p.m.24 views

CVE-2018-25325

Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...

8.7CVSS0.00613EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/16 3:26 p.m.35 views

CVE-2020-37246 WordPress Plugin Supsystic Backup 2.3.9 Local File Inclusion

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access...

6.9CVSS0.00673EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/13 12:0 a.m.13 views

PT-2026-40756

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

7.1CVSS5.9AI score0.00336EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/04 12:0 a.m.16 views

PT-2026-36800

Name of the Vulnerable Software and Affected Versions Norton Secure VPN affected versions not specified Description A privilege escalation issue occurs during the installation of the software via the Microsoft Store. A low-privilege user can replace files during the installation process,...

8.8CVSS5.9AI score0.00127EPSS
Exploits0References8
nvd
nvd
added 2026/04/29 8:16 p.m.9 views

CVE-2018-25308

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...

8.8CVSS0.00741EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/23 6:9 p.m.4 views

CVE-2026-33694

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYST...

8.6CVSS6.1AI score0.00146EPSS
Exploits0References3
github
github
added 2026/03/27 3:35 p.m.7 views

Open WebUI has unauthorized deletion of knowledge files

Summary An access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin, but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from...

8.1CVSS6AI score0.00252EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder