Lucene search
+L

10101 matches found

CVE
CVE
added 2026/07/09 9:31 a.m.12 views

CVE-2026-14372

The Bit Form WordPress plugin (Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder) is affected up to version 3.1.1 due to insufficient file path validation in deleteFiles, enabling authenticated users with subscriber+ to delete arbitrary server files (poten...

7.1CVSS6.7AI score0.00691EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.8 views

PT-2026-56962

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.9 views

PT-2026-56916

Name of the Vulnerable Software and Affected Versions UsersWP versions prior to 1.2.66 Description Authenticated attackers with Subscriber-level access and above can delete arbitrary files on the server, including the wp-config.php file. This occurs because the validate fields function in UsersWP...

8.8CVSS6.2AI score0.00525EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.7 views

PT-2026-56953

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Golo Framework golo-framework allows PHP Local File Inclusion.This issue affects Golo Framework: from n/a through = 1.7.3...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.6 views

PT-2026-56961

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur Core struktur-core allows PHP Local File Inclusion.This issue affects Struktur Core: from n/a through = 2.5.1...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.5 views

TencentOS Server 4: vim (TSSA-2026:0573)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0573 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.4CVSS6.4AI score0.00154EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 8:56 p.m.11 views

CVE-2026-58192

CVE-2026-58192 affects Appium’s storage-plugin: prior to 1.1.6, POST /storage/delete passes user-supplied name into path.join(storageRoot, name) and fs.rimraf() without sanitization, enabling an unauthenticated remote attacker to escape the storage root via ../ and delete arbitrary writable files...

8.6CVSS6.1AI score0.00345EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/07/08 10:3 a.m.11 views

WordPress SureDash plugin <= 1.8.0 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by hhhai in WordPress Plugin SureDash versions = 1.8.0...

9.9CVSS6.1AI score0.00382EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 8:59 a.m.5 views

WordPress Groundhogg plugin <= 4.4.1 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by she11f in WordPress Plugin Groundhogg versions = 4.4.1...

8.6CVSS6.1AI score0.00382EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/08 5:16 a.m.11 views

CVE-2026-14487

The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...

9.1CVSS0.0074EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/08 4:30 a.m.34 views

CVE-2026-14487 Simple Coherent Form <= 2.4.13 - Unauthenticated Arbitrary File Deletion via 'id' Parameter

The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...

9.1CVSS0.0074EPSS
Exploits0References6
CVE
CVE
added 2026/07/08 4:30 a.m.19 views

CVE-2026-14487

The CVE-2026-14487 entry concerns the WordPress plugin Simple Coherent Form (SCF). Affected versions are all up to and including 2.4.13. The root cause is insufficient file path validation in the removeUploadDir function, enabling unauthenticated deletion of arbitrary server files (e.g., wp-confi...

9.1CVSS6.8AI score0.0074EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/08 4:30 a.m.10 views

EUVD-2026-42164

The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...

9.1CVSS6.8AI score0.0074EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.7 views

Palo Alto Networks PAN-OS 11.1.x < 11.1.16 / 11.2.x < 11.2.13 / 12.1.x < 12.1.8 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 11.1.x prior to 11.1.16, 11.2.x prior to 11.2.13, or 12.1.x prior to 12.1.8. It is, therefore, affected by a vulnerability. A file deletion vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacke...

6.9CVSS6.7AI score0.00288EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-57873

Name of the Vulnerable Software and Affected Versions Glarysoft Glary Utilities affected versions not specified Description A local privilege escalation flaw exists in the Disk Clean functionality. An attacker with low-privileged code execution capabilities on the target system can create a...

7.3CVSS7.4AI score0.00142EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 8:24 p.m.31 views

CVE-2026-55631 DataEase: Path Traversal Leading to Arbitrary File Deletion via Font Management

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font...

7.2CVSS0.00313EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 8:24 p.m.8 views

CVE-2026-55631 DataEase: Path Traversal Leading to Arbitrary File Deletion via Font Management

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font...

7.2CVSS6.1AI score0.00313EPSS
Exploits0References5
CVE
CVE
added 2026/07/07 8:24 p.m.15 views

CVE-2026-55631

DataEase exposes a path-traversal flaw in the font management module prior to version 2.10.24. Authenticated users could submit an arbitrary fileTransName when creating a font record; on deletion, the stored value is concatenated with the font storage directory and passed to FileUtils.deleteFile(...

7.2CVSS6.1AI score0.00313EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 6:0 a.m.38 views

CVE-2026-12277 Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Deletion via Saved File Metadata Path Traversal

The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...

0.00231EPSS
Exploits1References1
CVE
CVE
added 2026/07/07 6:0 a.m.30 views

CVE-2026-12277

The CVE-2026-12277 vulnerability affects the WordPress Frontend File Manager Plugin (through version 23.6). It describes an improper validation of a file path derived from user input when deleting a referenced file, enabling unauthenticated users to delete arbitrary server files (e.g., wp-config....

8.7CVSS5.9AI score0.00231EPSS
Exploits1References1
Rows per page
Query Builder