Lucene search
K

936 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-61434

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files,...

8.8CVSS0.00579EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42899

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files,...

8.8CVSS6.3AI score0.00579EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-0282

A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...

6.9CVSS6AI score0.00357EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42679

A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...

6.9CVSS6AI score0.00357EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42564

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS6.7AI score0.00691EPSS
Exploits0References13
NVD
NVD
added 2026/06/29 3:16 p.m.13 views

CVE-2026-49049

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...

7.5CVSS0.00228EPSS
Exploits4References1
CVE
CVE
added 2026/06/29 2:34 p.m.118 views

CVE-2026-49049

The CVE-2026-49049 entry concerns the Helix3 Joomla extension by joomshaper. The vulnerability arises from an exposed ajax handler task within Helix3 that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files, and update template parameters. This indicates a remot...

7.5CVSS5.9AI score0.00228EPSS
Exploits4References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53282

Name of the Vulnerable Software and Affected Versions Helix3 plugin for Joomla affected versions not specified Description An ajax handler task allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files, and update template parameters. Recommendations At the moment,...

7.5CVSS6AI score0.00228EPSS
Exploits4References12
Cvelist
Cvelist
added 2026/06/09 11:0 p.m.36 views

CVE-2026-46491 SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...

8.6CVSS0.00422EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 1:23 p.m.12 views

EUVD-2026-35436

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS5.8AI score0.0027EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 12:0 a.m.19 views

CVE-2026-36726

The CVE-2026-36726 entry describes an arbitrary file deletion vulnerability in bookcars v8.3, exposed at the /api/delete-temp-license/{file} endpoint. The issue allows unauthenticated attackers to delete arbitrary files by supplying directory traversal sequences. The CVSS v3.1 vector indicates Ne...

5.3CVSS5.6AI score0.00511EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.17 views

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.0045EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.15 views

PT-2026-47129

Name of the Vulnerable Software and Affected Versions LearnPress – Backup & Migration Tool versions prior to 4.1.5 Description The plugin is susceptible to PHP Object Injection due to the deserialization of untrusted input. This allows authenticated attackers with administrator-level access or...

6.6CVSS5.8AI score0.0045EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.8 views

CVE-2025-41268

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

9.1CVSS5.7AI score0.00437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-27673

Due to a missing authorization check, SAP S/4HANA Private Cloud and On-Premise allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the...

4.9CVSS5.5AI score0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.9 views

CVE-2026-24464

When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Software versions which have reached End of Technica...

6.9CVSS5.1AI score0.00886EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.12 views

CVE-2026-44654

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...

8.1CVSS5.4AI score0.00265EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

JoomSky Joomla com_jsjobs 路径遍历漏洞

JoomSky Joomla comjsjobs is a recruitment and job management component provided by JoomSky Inc. Version 1.2.6 of JoomSky Joomla comjsjobs contains a path traversal vulnerability. This vulnerability arises from improper handling of custom user field parameters, which may allow authenticated...

7.1CVSS5.3AI score0.00327EPSS
Exploits0References4
NVD
NVD
added 2026/06/03 1:16 p.m.16 views

CVE-2026-35077

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-45956

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

7CVSS5.9AI score0.00346EPSS
Exploits0References2
Rows per page
Query Builder