CVE-2025-14895

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that a user is authorized to access the /popup/logs REST API endpoint. This makes it possible for authenticated attackers, with...

CVE-2025-11862 Verve Asset Manager Access Control Vulnerability

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

The vulnerability of the deletePackages method in the HPE StoreOnce VSA virtual storage system allows a attacker to gain access to read and delete any files they desire.

The vulnerability of the deletePackages method in the HPE StoreOnce VSA virtual storage system is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read and...

CVE-2019-18253

An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior outside the intended directory...

Arbitrary File Traversal Read Delete Vulnerability in Shida Highway Project Management Information System

Servcorp Highway Project Management Information System is an engineering project management platform developed for project participants. The Servcorp Expressway Project Management Information System has an arbitrary file traversal read and delete vulnerability that can be exploited by an attacker...