10101 matches found
CVE-2026-14372
The Bit Form WordPress plugin (Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder) is affected up to version 3.1.1 due to insufficient file path validation in deleteFiles, enabling authenticated users with subscriber+ to delete arbitrary server files (poten...
PT-2026-56962
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...
PT-2026-56916
Name of the Vulnerable Software and Affected Versions UsersWP versions prior to 1.2.66 Description Authenticated attackers with Subscriber-level access and above can delete arbitrary files on the server, including the wp-config.php file. This occurs because the validate fields function in UsersWP...
PT-2026-56953
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Golo Framework golo-framework allows PHP Local File Inclusion.This issue affects Golo Framework: from n/a through = 1.7.3...
PT-2026-56961
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur Core struktur-core allows PHP Local File Inclusion.This issue affects Struktur Core: from n/a through = 2.5.1...
TencentOS Server 4: vim (TSSA-2026:0573)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0573 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2026-58192
CVE-2026-58192 affects Appium’s storage-plugin: prior to 1.1.6, POST /storage/delete passes user-supplied name into path.join(storageRoot, name) and fs.rimraf() without sanitization, enabling an unauthenticated remote attacker to escape the storage root via ../ and delete arbitrary writable files...
WordPress SureDash plugin <= 1.8.0 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by hhhai in WordPress Plugin SureDash versions = 1.8.0...
WordPress Groundhogg plugin <= 4.4.1 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by she11f in WordPress Plugin Groundhogg versions = 4.4.1...
CVE-2026-14487
The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...
CVE-2026-14487 Simple Coherent Form <= 2.4.13 - Unauthenticated Arbitrary File Deletion via 'id' Parameter
The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...
CVE-2026-14487
The CVE-2026-14487 entry concerns the WordPress plugin Simple Coherent Form (SCF). Affected versions are all up to and including 2.4.13. The root cause is insufficient file path validation in the removeUploadDir function, enabling unauthenticated deletion of arbitrary server files (e.g., wp-confi...
EUVD-2026-42164
The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...
Palo Alto Networks PAN-OS 11.1.x < 11.1.16 / 11.2.x < 11.2.13 / 12.1.x < 12.1.8 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 11.1.x prior to 11.1.16, 11.2.x prior to 11.2.13, or 12.1.x prior to 12.1.8. It is, therefore, affected by a vulnerability. A file deletion vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacke...
PT-2026-57873
Name of the Vulnerable Software and Affected Versions Glarysoft Glary Utilities affected versions not specified Description A local privilege escalation flaw exists in the Disk Clean functionality. An attacker with low-privileged code execution capabilities on the target system can create a...
CVE-2026-55631 DataEase: Path Traversal Leading to Arbitrary File Deletion via Font Management
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font...
CVE-2026-55631 DataEase: Path Traversal Leading to Arbitrary File Deletion via Font Management
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font...
CVE-2026-55631
DataEase exposes a path-traversal flaw in the font management module prior to version 2.10.24. Authenticated users could submit an arbitrary fileTransName when creating a font record; on deletion, the stored value is concatenated with the font storage directory and passed to FileUtils.deleteFile(...
CVE-2026-12277 Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Deletion via Saved File Metadata Path Traversal
The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...
CVE-2026-12277
The CVE-2026-12277 vulnerability affects the WordPress Frontend File Manager Plugin (through version 23.6). It describes an improper validation of a file path derived from user input when deleting a referenced file, enabling unauthenticated users to delete arbitrary server files (e.g., wp-config....