CVE-2025-34290
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...
CVE-2025-34290 Versa SASE Client for Windows < 7.9.5 Arbitrary Folder Deletion Leading to Local Privilege Escalation
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...
Exploit for CVE-2025-63945
CVE-2025-63945 Tencent iOA EoP Version: before 210.9.28693...
CVE-2025-34294
Wazuh's File Integrity Monitoring (FIM), when configured with automatic threat removal, contains a time-of-check/time-of-use (TOCTOU) race condition that can allow a local, low-privileged attacker to cause the Wazuh service running as NT AUTHORITY\SYSTEM to delete attacker-controlled files or paths...
CVE-2025-34294
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the behavior originates from a documentation-published Active Response example script. Please refer to this advisory https://github.com/wazuh/wazuh-documentation/security/advisories/GHSA-46r5-xp98-fpgg...
CVE-2025-34294
...
EUVD-2023-31718
Malicious code in bioql PyPI...
PT-2024-42: Insufficient authorization in MediaCMS
The vulnerability was identified in MediaCMS, version 4.1.0. It can be exploited by an authorized attacker who knows a directory's absolute path to delete any directory in the file system, as well as to substitute the contents of any user file. Vulnerability status: Confirmed by vendo...
CVE-2023-50774
A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResource Plugin 1.02 and earlier allows attackers to delete arbitrary files on the Jenkins controller file system...
CVE-2021-31217
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM...
LvyeCms CustompageController.class.php file has a logical design flaw
LvyeCms (旅烨cms) is a PHP content management system based on ThinkPHP. A logical design vulnerability exists in the LvyeCms CustompageController.class.php file. An attacker can exploit the vulnerability to write, modify, or delete any file in the system...
Low: Red Hat Bug Fix Advisory: conga bug fix update
Updated conga packages that provide critical bug fixes are now available. The Conga package is a web-based administration tool for remote cluster and storage management. This erratum applies the following bug fixes: - The borrowed Zope packages used by Conga have been patched to eliminate a...