23 matches found

Cvelist
added 2026/04/23 9:57 p.m. 25 views

CVE-2026-41338 OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...

5 CVSS · 0.00013 EPSS
Exploits 0 · References 3

RedhatCVE
added 2026/02/12 7:28 p.m. 2 views

CVE-2025-13391

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...

5.8 CVSS · 5.7 AI score · 0.001 EPSS
Exploits 0 · References 1

CVE
added 2026/02/11 4:25 p.m. 10 views

CVE-2025-13391

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable due to a missing capability check on uni_cpo_remove_file, allowing unauthenticated attackers to delete arbitrary attachments or files stored in Dropbox when the path is known....

5.8 CVSS · 5.7 AI score · 0.001 EPSS
Exploits 0 · References 2

NVD
added 2026/01/13 4:16 p.m. 3 views

CVE-2025-69990

phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in removefile.php. The parameter file can cause any file to be deleted...

9.1 CVSS · 0.00161 EPSS
Exploits 1 · References 1

OSV
added 2026/01/13 4:16 p.m. 0 views

CVE-2025-69990

phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in removefile.php. The parameter file can cause any file to be deleted...

9.1 CVSS · 5.7 AI score
Exploits 0 · References 1

Positive Technologies
added 2026/01/13 12:0 a.m. 1 views

PT-2026-2576

CVE-2025-69990 phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove file.php. The parameter file can cause any file to be deleted. https://t.co/0eX7xcTYaJ...

6.9 AI score · 0.00161 EPSS
Exploits 1 · References 3

RedhatCVE
added 2026/01/09 8:38 a.m. 0 views

CVE-2019-25296

The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfbuploadform and lfbremoveFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrar...

9.8 CVSS · 7.6 AI score · 0.00366 EPSS
Exploits 0 · References 1

NVD
added 2026/01/08 3:15 a.m. 3 views

CVE-2019-25296

The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfbuploadform and lfbremoveFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrar...

9.8 CVSS · 0.00366 EPSS
Exploits 0 · References 5

Positive Technologies
added 2026/01/08 12:0 a.m. 1 views

PT-2026-1685

Name of the Vulnerable Software and Affected Versions: WP Cost Estimation versions up to and including 9.642 Description: The WP Cost Estimation plugin for WordPress is affected by a flaw allowing arbitrary file uploads and deletion. This is due to a lack of file type validation in the lfb upload...

9.8 CVSS · 7.8 AI score · 0.00366 EPSS
Exploits 0 · References 8

CNVD
added 2025/09/25 12:0 a.m. 0 views

Online Bidding System remove.php File SQL Injection Vulnerability

Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /administrator/remove.php. An attacker can exploit this vulnerability ...

9.8 CVSS · 8.2 AI score · 0.00046 EPSS
Exploits 1 · References 1

Cvelist
added 2025/09/15 10:2 p.m. 7 views

CVE-2025-10481 SourceCodester Online Student File Management System remove_file.php sql injection

A security vulnerability has been detected in SourceCodester Online Student File Management System 1.0. This impacts an unknown function of the file /removefile.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...

6.5 CVSS · 0.00058 EPSS
Exploits 1 · References 5

CVE
added 2025/09/15 10:2 p.m. 8 views

CVE-2025-10481

CVE-2025-10481 affects SourceCodester Online Student File Management System v1.0. The vulnerability exists in the /remove_file.php endpoint, where manipulating the ID parameter leads to SQL injection. Remote exploitation is possible and, per sources, the exploit has been disclosed publicly. Multi...

8.8 CVSS · 6.3 AI score · 0.00058 EPSS
Exploits 1 · References 5 · Affected Software 1

Positive Technologies
added 2025/09/15 12:0 a.m. 2 views

PT-2025-37772

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student File Management System version 1.0 Description: A security issue has been identified in SourceCodester Online Student File Management System. The vulnerability resides in the /remove file.php file, specifically...

6.5 CVSS · 6.4 AI score · 0.00058 EPSS
Exploits 1 · References 8

CNNVD
added 2025/09/15 12:0 a.m. 1 views

SourceCodester Online Student File Management SQL Injection Vulnerability

SourceCodester Online Student File Management is a SourceCodester open source online student file management system. A SQL injection vulnerability exists in SourceCodester Online Student File Management version 1.0, which stems from incorrect manipulation of the parameter ID in the file...

8.8 CVSS · 6.9 AI score · 0.00058 EPSS
Exploits 1 · References 6

Positive Technologies
added 2025/08/29 12:0 a.m. 1 views

PT-2025-35218

Name of the Vulnerable Software and Affected Versions: yeqifu carRental versions prior to 3fabb7eae93d209426638863980301d6f99866b3 Description: A path traversal issue exists in the removeFileByPath function within the src/main/java/com/yeqifu/sys/utils/AppFileUtils.java file. The manipulation of...

5.5 CVSS · 5.1 AI score · 0.00082 EPSS
Exploits 0 · References 7

CNNVD
added 2024/11/20 12:0 a.m. 1 views

WordPress plugin ProfileGrid Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.1 CVSS · 8.1 AI score · 0.00189 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/12/05 12:0 a.m. 2 views

PT-2023-31151 · Microsoft · Microsoft-Graph-Core

Name of the Vulnerable Software and Affected Versions: microsoft-graph-core versions prior to 2.0.2 Description: The Microsoft Graph Beta PHP SDK contains test code that enables the use of the phpInfo function from any application that can access and execute the file at...

10 CVSS · 7.6 AI score · 0.94329 EPSS
Exploits 5 · References 16

ATTACKERKB
added 2023/06/09 6:15 a.m. 2 views

CVE-2023-0291

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...

9.1 CVSS · 6 AI score · 0.00092 EPSS
Exploits 5 · References 5

ATTACKERKB
added 2022/06/06 11:15 p.m. 0 views

CVE-2022-28478

SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system...

6.5 CVSS · 6 AI score · 0.01278 EPSS
Exploits 1 · References 3

OSV
added 2022/06/06 11:15 p.m. 0 views

CVE-2022-28478

SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system...

6.5 CVSS · 5.9 AI score · 0.01278 EPSS
Exploits 1 · References 2