52 matches found
PT-2025-50816
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze demo importer install demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...
CVE-2020-36883
SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to...
CVE-2025-37135 Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Command Line Interface (CLI)
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...
EUVD-2005-0333
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-14466
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP object injection, which allows a remote authenticated attacker to perform file...
WordPress NinjaScanner plugin file path validation deficiency vulnerability
WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...
WordPress plugin Ajax Load More security vulnerability
WordPress Ajax Load More plugin is an open source plugin, mainly used to achieve infinite scrolling of website content and lazy loading, optimizing the user experience through AJAX technology. WordPress Ajax Load More plugin has an authorization issue vulnerability, the vulnerability...
CVE-2025-2503
An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user...
CVE-2024-23756
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...
CVE-2022-1777
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...
CVE-2021-33354
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...
AXIS Camera Station Pro security vulnerability
AXIS Camera Station Pro is a powerful and flexible video management and access control from Axis Sweden. AXIS Camera Station Pro has a security vulnerability that originates from a non-administrative user who may cause a boot loop by redirecting file deletions...
WordPress plugin Everest Forms code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress plugin WordPress File Upload code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
AXIS Camera Station Pro security vulnerability
AXIS Camera Station Pro is a powerful and flexible video management and access control from Axis Sweden. A security vulnerability exists in AXIS Camera Station Pro versions prior to 6.4, which originates from a non-administrative user being able to gain system privileges by redirecting file...
PT-2024-38424 · WordPress · Favicon Generator
Name of the Vulnerable Software and Affected Versions: Favicon Generator plugin for WordPress versions up to, and including, 1.5 Description: The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the output sub admin...
CVE-2024-4328
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clearpersonalityfileslist function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users...
CVE-2023-37244
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...
CVE-2023-37244
The CVE-2023-37244 entry concerns AutomationManager.AgentService.exe and describes a TOCTOU race condition that lets standard users create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp. This could enable an attacker to manipulate the process into performing arbitra...