Lucene search
K

28 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-13250

The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete all...

5.3CVSS0.00273EPSS
Exploits0References8
NVD
NVD
added 2026/06/26 7:16 a.m.9 views

CVE-2026-8380

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...

6.5CVSS0.00342EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 6:0 a.m.28 views

CVE-2026-8380

The CVE-2026-8380 issue affects the Frontend File Manager (nmedia-user-file-uploader) WordPress plugin

6.5CVSS5.9AI score0.00342EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/29 10:9 p.m.11 views

Sequence of Processor Instructions Leads to Unexpected Behavior

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Sequence of Processor Instructions Leads to Unexpected Behavior through the fielddelete process. An attacker can permanently remove...

7.1CVSS5.8AI score0.00029EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/06 7:42 p.m.7 views

CVE-2026-40309 Masa CMS CSRF in trash management allows unauthorized permanent deletion of deleted content

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...

7.2CVSS5.7AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 7:42 p.m.9 views

CVE-2026-40309

CVE-2026-40309 : Masa CMS (fork of Mura CMS) contains a CSRF flaw in the trash management path. In versions up to 7.5.2, cTrash.empty does not validate anti-CSRF tokens, allowing an authenticated administrator to be tricked into submitting a forged request that permanently deletes all trashed con...

7.2CVSS5.7AI score0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.11 views

Masa CMS 跨站请求伪造漏洞

Masa CMS is a digital experience platform organized by Masa CMS. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the cTrash.empty function not verifying the anti-CSRF token, which could allow attackers to induce...

7.2CVSS5.7AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/22 9:31 a.m.3 views

EUVD-2026-24670

The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The deleteterm function, which handles the 'tpmcatttdeleteterm' AJAX action, does not perform any capability check e.g., currentusercan to verify the...

4.3CVSS5.8AI score0.00245EPSS
Exploits0References6
OSV
OSV
added 2026/04/21 12:4 p.m.4 views

BIT-GRAFANA-2026-21727 Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record

--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: " Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvssscore: "3.3" cvssvector:...

3.3CVSS5.7AI score0.00204EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 11:51 p.m.12 views

CVE-2026-40581

CVE-2026-40581 affects ChurchCRM prior to 7.2.0. The issue is a CSRF-like flaw in the family records deletion endpoint (SelectDelete.php) that uses a plain GET request with no CSRF validation, enabling an authenticated administrator to trigger permanent deletion of targeted family records and all...

8.1CVSS5.7AI score0.00199EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/15 6:57 p.m.4 views

CVE-2026-21727 Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record

--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: " Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvssscore: "3.3" cvssvector:...

3.3CVSS5.7AI score0.00204EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 6:57 p.m.64 views

CVE-2026-21727

Technical details for CVE-2026-21727 are not publicly available in the provided documents. Monitor for updates.

3.3CVSS5.7AI score0.00204EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/15 6:57 p.m.4 views

CVE-2026-21727 Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record

--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: " Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvssscore: "3.3" cvssvector:...

3.3CVSS5.9AI score0.00204EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.5 views

CVE-2025-55046

MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...

8.1CVSS5.8AI score0.00124EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/20 5:25 p.m.8 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the RemoveProjectBackground process. An attacker can permanently delete background images by sending a DELETE request to the relevant API endpoint with only read-level permissions. Remediation Upgrade...

5.4CVSS5.9AI score0.00211EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/18 6:31 p.m.11 views

EUVD-2025-208834

MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...

5.8AI score0.00124EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/18 12:0 a.m.3 views

CVE-2025-55046

MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...

5.8AI score0.00124EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/03/16 2:22 p.m.7 views

Delete doesn’t mean gone. Here’s how File Shredder fixes that

You have done it a thousand times. Right-click. Delete. Empty Trash. Done. Except it's not done. That file, your tax return, your private photos, that EmbezzlementPlan.doc… it's all still sitting on your drive. Invisible to you, but not to anyone with a $30 recovery tool downloaded from the...

6AI score
Exploits0
Snyk
Snyk
added 2026/03/05 11:7 p.m.1 views

Incorrect Permission Assignment for Critical Resource

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the tusDeleteHandler in http/tushandlers.go. An attacker can permanently delete any file or directory within the...

9.1CVSS5.8AI score0.00487EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.9 views

PT-2026-21279

ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data...

7.1CVSS5.9AI score0.00223EPSS
Exploits1References4
Rows per page
Query Builder