357 matches found

EUVD
added 5 days ago, 9 views

EUVD-2026-38036

PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles...

CVSS 3, AI score 5.9, EPSS 0.00112
Exploits 0, References 5

NVD
added 5 days ago, 5 views

CVE-2026-57321

Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...

CVSS 7.1, EPSS 0.00294
Exploits 0, References 1

CVE
added 5 days ago, 7 views

CVE-2026-56066

CVE-2026-56066 affects the WordPress ShortPixel Adaptive Images plugin up to version 3.11.4, describing an unauthenticated Arbitrary File Deletion vulnerability. The connected records confirm the affected product and the nature of the issue but do not provide details on attack vectors, root cause...

CVSS 5.8, AI score 5.8, EPSS 0.00346
Exploits 0, References 1

Positive Technologies
added 6 days ago, 8 views

PT-2026-52435

Name of the Vulnerable Software and Affected Versions: JS Help Desk versions prior to 3.1.2. Description: Low-privileged subscribers can remotely delete critical files due to a path traversal issue. Path traversal is a flaw that allows an attacker to access or manipulate files outside the intended...

CVSS 7.7, AI score 5.8, EPSS 0.0045
Exploits 0, References 3

Positive Technologies
added 2026/06/24 12:00 a.m., 4 views

PT-2026-51671

Name of the Vulnerable Software and Affected Versions: Advanced Contact Form 7 - Compact DB versions prior to 1.0.1. Description: Unauthenticated attackers can delete arbitrary contact form submission entries stored in the wp cf7cdb data table. This occurs because the cf7cdb ajax delete user functio...

CVSS 5.3, AI score 5.9, EPSS 0.00295
Exploits 0, References 8

NVD
added 2026/06/17 1:19 p.m., 9 views

CVE-2025-60223

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

CVSS 7.7, EPSS 0.0045
Exploits 0, References 1

Positive Technologies
added 2026/06/17 12:00 a.m., 14 views

PT-2026-50414

Name of the Vulnerable Software and Affected Versions: Fusion Builder versions prior to 3.15.5. Description: A path traversal issue allows users with the Contributor role to delete arbitrary files on the server. Recommendations: Limit user roles as a temporary mitigation measure. At the moment, there...

CVSS 7.7, AI score 5.3, EPSS 0.00337
Exploits 0, References 3

CVE
added 2026/06/16 8:56 p.m., 15 views

CVE-2025-69103

CVE-2025-69103 affects WordPress Brikk theme ≤ 3.0.0. According to the records, a Subscriber can cause Arbitrary Content Deletion. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, Low attack complexity, no privileges required, no user interaction, availability impact. No root-cause deta...

CVSS 7.5, AI score 5.2, EPSS 0.00407
Exploits 0, References 1

Cvelist
added 2026/06/16 8:56 p.m., 20 views

CVE-2025-69103 WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability

Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0 versions...

CVSS 7.5, EPSS 0.00407
Exploits 0, References 1

Cvelist
added 2026/06/15 8:19 p.m., 27 views

CVE-2026-49766 WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions...

CVSS 9.9, EPSS 0.00506
Exploits 0, References 1

Positive Technologies
added 2026/06/10 12:00 a.m., 9 views

PT-2026-48538

Name of the Vulnerable Software and Affected Versions: anyquery versions prior to 0.4.5. Description: A path traversal issue exists in the SQL scalar function clear plugin cache within the namespace/other functions.go file. The function accepts a plugin argument and passes it to path.Join and...

CVSS 7.3, AI score 5.9, EPSS 0.0003
Exploits 0, References 5

Vulnrichment
added 2026/06/09 12:00 a.m., 9 views

CVE-2026-36726

An arbitrary file deletion vulnerability in the /api/delete-temp-license/file endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences...

AI score 5.6, EPSS 0.00511
Exploits 0, References 1

EUVD
added 2026/06/06 12:31 a.m., 8 views

EUVD-2025-210080

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the deletecancelstagingsite function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...

CVSS 3.8, AI score 5.6, EPSS 0.00263
Exploits 0, References 7

Github Security Blog
added 2026/06/05 7:43 p.m., 12 views

skillctl: Path traversal and symlink-follow in skillctl allow arbitrary file disclosure and deletion

Impact: skillctl 0.1.0 and 0.1.1 contained four path-safety vulnerabilities that, in combination, allowed an attacker to: 1. Exfiltrate arbitrary files on the operator's machine by publishing a malicious skills library containing a symlink inside a skill folder e.g. niania →...

AI score 5.6
Exploits 0, References 4, Affected Software 1

RedHat Linux
added 2026/06/04 6:40 p.m., 7 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

CVSS 8.7, AI score 5.9, EPSS 0.00323
Exploits 0, References 5

Vulnrichment
added 2026/06/03 3:17 p.m., 8 views

CVE-2026-42318 GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable delete rights for User'...

CVSS 7, AI score 5.8, EPSS 0.00291
Exploits 0, References 1

Cvelist
added 2026/06/03 3:17 p.m., 42 views

CVE-2026-42318 GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable delete rights for User'...

CVSS 7, EPSS 0.00291
Exploits 0, References 1

CVE
added 2026/06/03 3:17 p.m., 15 views

CVE-2026-42318

GLPI versions affected: 9.5.0 and prior to 10.0.25, and prior to 11.0.7. The issue allows low-privilege users with access to the Planning feature to delete any object in GLPI. The root cause details are not explicitly described beyond exploitation via the Planning endpoint. Impact is the potentia...

CVSS 7, AI score 5.8, EPSS 0.00291
Exploits 0, References 1

NVD
added 2026/06/02 2:16 p.m., 10 views

CVE-2026-43965

Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml by LocalPackages::readfromdisc are passed without validation to paths.buildpackagespackage, whi...

CVSS 5.6, EPSS 0.00152
Exploits 0, References 4

CVE
added 2026/06/02 1:41 p.m., 43 views

CVE-2026-43965

Gleam path traversal vulnerability CVE-2026-43965 allows arbitrary directory deletion via malicious build/packages/packages.toml content. During deps download, package keys read from build/packages/packages.toml are passed to path construction without validation, enabling absolute or relative tra...

CVSS 5.6, AI score 5.9, EPSS 0.00152
Exploits 0, References 4