16 matches found
CVE-2026-6566
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...
CVE-2026-28442
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...
CVE-2022-50584
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS) vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script ...
CVE-2022-50584 Nagios XI < 5.8.8 Core Config Manager (CCM) XSS via Search & Deletion Flows
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS) vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script ...
EUVD-2011-4507
Malware in sbrugna...
EUVD-2023-59108
Malicious code in bioql PyPI...
Authentication flaw
A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper...
CVE-2023-6907 codelyfe Stupid Simple CMS Deletion Interface delete.php improper authentication
A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /file-manager/delete.php of the component Deletion Interface. The manipulation of the argument file leads to improper...
CVE-2023-6907
The CVE-2023-6907 entry concerns codelyfe Stupid Simple CMS (versions up to 1.2.4). The vulnerability affects the Deletion Interface’s file-manager delete.php, where manipulation of the file parameter leads to improper authentication. Public exploit details exist, indicating potential exploitatio...
PT-2023-32815 · Codelyfe · Codelyfe Stupid Simple Cms
Name of the Vulnerable Software and Affected Versions: codelyfe Stupid Simple CMS versions up to 1.2.4 Description: A critical issue has been found in the Deletion Interface component, specifically in the /file-manager/delete.php file. The manipulation of the file argument leads to improper...
PT-2021-14731 · Jenkins · Jenkins Scriptler Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Scriptler Plugin versions 3.3 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the Jenkins Scriptler Plugin does not escape the name of scripts on the UI when asking t...
CVE-2011-4581
mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface...
CVE-2011-4581
CVE-2011-4581 affects Moodle: mod/wiki/pagelib.php in Moodle 2.0.x (before 2.0.6) and 2.1.x (before 2.1.3) allows remote authenticated users to discover the username of a wiki creator via the history and deletion user interface. The underlying issue is exposure of creator usernames through wiki h...