Lucene search
K

25 matches found

NVD
NVD
added yesterday6 views

CVE-2026-50284

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder only requires the deleteAssets: permission for the target folder. It never enforces deletePeerAssets:, even though Assets::deleteFoldersByIds...

7.1CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday17 views

CVE-2026-50284 Craft CMS: Missing peer-permission check in `AssetsController::actionDeleteFolder` allows deletion of other users' assets

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder only requires the deleteAssets: permission for the target folder. It never enforces deletePeerAssets:, even though Assets::deleteFoldersByIds...

7.1CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-50284

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder only requires the deleteAssets: permission for the target folder. It never enforces deletePeerAssets:, even though Assets::deleteFoldersByIds...

7.1CVSS5.8AI score
Exploits0References3Affected Software1
CVE
CVE
added yesterday14 views

CVE-2026-50284

Craft CMS (versions 5.0.0-RC1–5.9.21 and 4.0.0-RC1–4.17.14) has a privilege check flaw in AssetsController::actionDeleteFolder: it only enforces deleteAssets: for the target folder and does not enforce deletePeerAssets:, allowing a low-privilege user with folder-management rights on a shared volu...

7.1CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/15 6:36 p.m.7 views

CVE-2026-45008 phpMyFAQ - Path Traversal in Client::deleteClientFolder via URL Parameter

phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCEDELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to recursively delete...

7CVSS5.9AI score0.00266EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 5:42 a.m.5 views

CVE-2023-0727

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxdeletefolder function. This makes it possible for unauthenticated attackers to invoke this function via...

5.4CVSS4.3AI score0.00322EPSS
Exploits0References1
OSV
OSV
added 2024/11/22 10:15 p.m.4 views

CVE-2024-7233

Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system ...

7.8CVSS6.2AI score
Exploits0References1
OSV
OSV
added 2024/11/22 10:15 p.m.5 views

CVE-2024-7237

AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in ord...

7.8CVSS6.2AI score0.00344EPSS
Exploits0References1
OSV
OSV
added 2024/11/22 10:15 p.m.4 views

CVE-2024-7232

Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system ...

7.8CVSS7.4AI score0.00387EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/29 12:0 a.m.3 views

PT-2024-38193 · Avast · Avast Free Antivirus

Name of the Vulnerable Software and Affected Versions: Avast Free Antivirus affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged...

7.8CVSS7.5AI score0.00387EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/29 12:0 a.m.4 views

PT-2024-38192 · Avast · Avast Free Antivirus

Name of the Vulnerable Software and Affected Versions: Avast Free Antivirus affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged...

7.8CVSS7.5AI score0.00387EPSS
Exploits0References3
OSV
OSV
added 2024/01/23 9:15 p.m.3 views

CVE-2023-52094

An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute...

7.8CVSS6AI score0.00311EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/11/04 12:0 a.m.7 views

The software for remote control of computers with Intel vPro processors is vulnerable due to a misconfiguration in the link that is accessed before accessing the file. This allows a malicious user to delete any folder they choose.

The vulnerability of the software for remote control of computers with Intel vPro processors in Dell Command Intel vPro Out of Band mode is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability could allow a malicious individual to delete any...

4.7CVSS5.5AI score0.00177EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.3 views

CVE-2023-0717

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxdeletefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke th...

5.4CVSS5.9AI score0.00576EPSS
Exploits0References4
OSV
OSV
added 2023/02/08 2:15 a.m.5 views

CVE-2023-0717

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxdeletefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke th...

4.3CVSS6.5AI score0.00576EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2023/02/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-0717

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxdeletefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

5.4CVSS6.5AI score0.00576EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/08 12:0 a.m.5 views

PT-2023-16473 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax delete folder function, allowing authenticated attackers with subscriber-level permissions...

5.4CVSS5.2AI score0.00576EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/02/08 12:0 a.m.5 views

WordPress plugin Wicked Folders 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

5.4CVSS6.3AI score0.00576EPSS
Exploits0References4
OSV
OSV
added 2023/02/07 11:15 p.m.5 views

CVE-2023-0727

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxdeletefolder function. This makes it possible for unauthenticated attackers to invoke this function via...

4.3CVSS5.6AI score0.00322EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/07 11:15 p.m.2 views

CVE-2023-0727

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxdeletefolder function. This makes it possible for unauthenticated attackers to invoke this function via...

5.4CVSS5.8AI score0.00322EPSS
Exploits0References4
Rows per page
Query Builder