66 matches found
CVE-2026-41009 - Local Blobstore may allow arbitrary reads/deletes | Cloud Foundry
MEDIUM. CVSSv4: Medium 4.3 (CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:L). CVSSv3: Medium 5.8 (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:L). Vendor: Cloud Foundry Foundation. Versions Affected: Severity is MEDIUM unless otherwise noted. BOSH Director – All versions prior to v282.1.12...
GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository
Summary: A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and...
PT-2026-33383
Name of the Vulnerable Software and Affected Versions: Lego versions prior to 4.34.0. Description: The webroot HTTP-01 challenge provider in Lego is subject to arbitrary file write and deletion via path traversal. A malicious ACME server can provide a crafted challenge token containing ../ sequences...
GHSA-PH8X-4JFV-V9V8 Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG
The fix for CVE-2026-27598 (commit e2ed589, PR 1691) added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE, RENAME, EXECUTE - all pass the fileName URL path parameter to locateDAG without...
CVE-2026-28793 Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...
Linux Distros Unpatched Vulnerability : CVE-2017-11183
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. CVE-2017-11183 Note tha...
CVE-2023-26957
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...
CVE-2022-27333
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data...
WordPress WP Optin Wheel plugin <= 1.3.4 - Subscriber+ Arbitrary Delete Wheels or Posts vulnerability
Subscriber+ Arbitrary Delete Wheels or Posts vulnerability discovered in WordPress WP Optin Wheel plugin versions <= 1.3.4. Solution: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5)...
Cross site request forgery (csrf)
A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs...
New Flaws in Top Antivirus Software Could Make Computers More Vulnerable
Cybersecurity researchers today disclosed details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain its foothold on the compromised systems. According to a report published by CyberArk research...
CVE-2020-13522
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability...
Input validation
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrarily delete a directory, caused by improper validation of user-supplied input. IBM X-Force ID: 175026...
Microsoft Data Sharing - Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits. Microsoft Data Sharing - Local Privilege Escalation Exploit. Bug description: RpcDSSMoveFromSharedFile(handle,L"token",L"c:\blah1\pci.sys"); This function exposed over alpc, has an arbitrary delete vuln. Hitting the timing was pretty annoying...
Microsoft Data Sharing - Local Privilege Escalation (PoC)
Microsoft Data Sharing - Local Privilege Escalation PoC. Bug description: RpcDSSMoveFromSharedFile(handle,L"token",L"c:\blah1\pci.sys"); This function exposed over alpc, has an arbitrary delete vuln. Hitting the timing was pretty annoying. But my PoC will keep rerunning until...
Microsoft Data Sharing - Local Privilege Escalation (PoC)
Bug description: RpcDSSMoveFromSharedFile(handle,L"token",L"c:\blah1\pci.sys"); This function exposed over alpc, has an arbitrary delete vuln. Hitting the timing was pretty annoying. But my PoC will keep rerunning until c:\windows\system32\drivers\pci.sys is deleted. I believe it's impossible to hit...
emlog 5.3.1 arbitrary delete vulnerability of the three
No description provided by source...
Memorial Web Site Script Multiple Arbitrary Delete Vuln
No description provided by source. Memorial Web Site Script Multiple Arbitrary Delete Vuln. Author : Chip D3 Bi0s Emai...
Prozilla Top 100 1.2 - Arbitrary Delete Stats Vulnerability
No description provided by source. Prozilla Top 100 1.2 Arbitrary Delete Stats Vulnerability. Discovered...
Babbsacks babbiges Board 2.8 Full Multiple Vulnerabilites
Exploit for php platform in category web applications. Exploit Title: Babbsacks babbiges Board 2.8 Full Multiple Vulnerabilites; Date: 12/08/2012; Author: GoLdM; Vendor or Software Link: http://sourceforge.net/projects/babb/ ; Category: Local File Disclosure + Arbitrary Delete + File Overwrite; Google...