Lucene search
K

202 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-14487

The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...

9.1CVSS0.0074EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55284

Name of the Vulnerable Software and Affected Versions TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress versions prior to 3.6.14 Description Insufficient file path validation in the delete converted image size function allows authenticated attackers with author-level access or...

8.1CVSS6.3AI score0.0067EPSS
Exploits0References15
EUVD
EUVD
added 2026/06/25 12:33 a.m.5 views

EUVD-2026-39114

ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability. The specific fl...

7.5CVSS7AI score0.0158EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52196

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.10 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description An issue exists in the Web IDE workbench where improper path validation allows an unauthenticated...

8CVSS6.1AI score0.00222EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/06/24 9:36 p.m.16 views

CVE-2026-9774 ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

5.5CVSS0.01195EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 8:29 a.m.9 views

CVE-2026-11911

The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFLDeleteFile function in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...

7.5CVSS6.7AI score0.0078EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-49051

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

6.5CVSS6.3AI score0.01254EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 2:4 p.m.32 views

CVE-2026-45564

CVE-2026-45564 affects Roxy-WI web interface for managing HAProxy/Nginx/Apache/Keepalived. In versions up to and including 8.2.6.4, POST /config/versions////save interpolates the URL-path parameter directly into a config-version path that resolves to a shell command: os.system("dos2unix -q {cfg}...

8.8CVSS5.5AI score0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/06 12:31 a.m.11 views

EUVD-2025-210080

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the deletecancelstagingsite function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...

3.8CVSS5.6AI score0.00263EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-3892

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

8.1CVSS5.6AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5816

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions...

8.1CVSS5.9AI score0.00407EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/04 6:40 p.m.9 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

gleam 安全漏洞

Gleam is an open-source, type-safe, extensible system construction language developed by Gleam. There are security vulnerabilities in the Gleam version 1.16.0 to 1.17.0. These vulnerabilities stem from insufficient validation of path handling for custom document pages, which may allow arbitrary...

4.6CVSS5.5AI score0.00152EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/28 12:15 a.m.38 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS6.4AI score0.01557EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-45571

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:57 p.m.11 views

CVE-2026-45571

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/27 2:57 p.m.33 views

CVE-2026-45571

Summary for CVE-2026-45571 (go-git) : The vulnerability affects the go-git library prior to version 5.19.1 and 6.0.0-alpha.4, where a path validation issue could allow crafted repository data to affect files outside the intended checkout target, including the repository’s .git directory. The root...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2026/05/27 12:0 a.m.16 views

Erlang/OTP -- public_key accepts non-CA certificate as intermediate issuer

https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq reports: Erlang/OTP's publickey application contains a path-validation flaw where non-CA certificates lacking keyUsage extensions can be accepted as intermediate issuers. An attacker with an end-entity certificate issued by a...

8CVSS5.9AI score0.00322EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

WordPress plugin Motors 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00256EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:15 p.m.11 views

CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

8.6CVSS5.8AI score0.00391EPSS
Exploits0References2
Rows per page
Query Builder