
62 matches found

OSV
added 2026/06/10 5:11 p.m. | 6 views

GHSA-J9RX-RPPG-6HH4 Anyquery has Path Traversal through `clear_plugin_cache`, Allowing Arbitrary Directory Deletion

Path Traversal in `clear_plugin_cache` Allows Arbitrary Directory Deletion

| Field | Value |
| ---------------- | ----- |
| Repository | julien040/anyquery |
| Affected version | 0.4.4 |
| Vulnerability | CWE-22 — Improper Limitation of a Pathname to a Restricted Directory |
| Severity | High |

Summa...

CVSS 7.3 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 3

Github Security Blog
added 2026/06/10 5:11 p.m. | 12 views

Anyquery has Path Traversal through `clear_plugin_cache`, Allowing Arbitrary Directory Deletion

Path Traversal in `clear_plugin_cache` Allows Arbitrary Directory Deletion

| Field | Value |
| ---------------- | ----- |
| Repository | julien040/anyquery |
| Affected version | 0.4.4 |
| Vulnerability | CWE-22 — Improper Limitation of a Pathname to a Restricted Directory |
| Severity | High |

Summa...

AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/06/05 11:28 p.m. | 8 views

CVE-2025-12656 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_site function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...

CVSS 3.8 | AI score 5.6 | EPSS 0.00263
Exploits: 0 | References: 6

CVE
added 2026/06/05 11:28 p.m. | 20 views

CVE-2025-12656

The WPvivid Backup & Migration plugin for WordPress is affected by an arbitrary directory deletion vulnerability due to insufficient file path validation in delete_cancel_staging_site() in all versions up to and including 0.9.128. Authenticated attackers with Administrator-level access can delete...

CVSS 3.8 | AI score 5.6 | EPSS 0.00263
Exploits: 0 | References: 6

Cvelist
added 2026/06/05 11:28 p.m. | 39 views

CVE-2025-12656 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_site function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...

CVSS 3.8 | EPSS 0.00263
Exploits: 0 | References: 6

RedhatCVE
added 2026/06/05 7:40 p.m. | 9 views

CVE-2026-43965

Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml by LocalPackages::readfromdisc are passed without validation to paths.buildpackagespackage, whi...

CVSS 5.6 | AI score 5.6 | EPSS 0.00152
Exploits: 0 | References: 1

Patchstack
added 2026/06/05 10:43 a.m. | 10 views

WordPress WPvivid — Backup, Migration & Staging plugin <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion vulnerability

Authenticated Admin+ Arbitrary Directory Deletion vulnerability discovered by blue0x1 in WordPress Plugin WPvivid Backup and Migration versions <= 0.9.128...

CVSS 3.8 | AI score 5.5 | EPSS 0.00263
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/06/05 12:0 a.m. | 18 views

PT-2026-47066

Name of the Vulnerable Software and Affected Versions WPvivid Backup & Migration versions prior to 0.9.129 Description The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress allows authenticated attackers with Administrator-level access and above to delete arbitrary...

CVSS 3.8 | AI score 5.6 | EPSS 0.00263
Exploits: 0 | References: 12

Vulnrichment
added 2026/06/02 1:41 p.m. | 8 views

CVE-2026-43965 Path Traversal in build/packages/packages.toml Allows Arbitrary Directory Deletion

Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml by LocalPackages::readfromdisc are passed without validation to paths.buildpackagespackage, whi...

CVSS 5.6 | AI score 5.9 | EPSS 0.00152
Exploits: 0 | References: 4

NVD
added 2026/06/01 7:16 p.m. | 10 views

CVE-2026-45727

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

CVSS 8.8 | EPSS 0.00475
Exploits: 0 | References: 1

EUVD
added 2026/06/01 5:23 p.m. | 14 views

EUVD-2026-33724

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

CVSS 8.8 | AI score 5.9 | EPSS 0.00475
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/01 5:23 p.m. | 9 views

CVE-2026-45727 CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

CVSS 8.8 | AI score 5.9 | EPSS 0.00475
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/18 12:0 a.m. | 20 views

PT-2026-41798

Name of the Vulnerable Software and Affected Versions CloakBrowser versions prior to 0.3.28 Description The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker...

CVSS 8.8 | AI score 5.9 | EPSS 0.00475
Exploits: 0 | References: 4

Github Security Blog
added 2026/05/06 8:47 p.m. | 15 views

phpMyFAQ: Path Traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins

Summary Client::deleteClientFolder in phpmyfaq/src/phpMyFAQ/Instance/Client.php:583 takes a URL from the caller, strips the https:// prefix, and passes the remainder to Filesystem::deleteDirectory relative to the multisite clientFolder. No path-traversal validation runs. An admin with the...

CVSS 7 | AI score 6 | EPSS 0.00266
Exploits: 0 | References: 4 | Affected Software: 2

ATTACKERKB
added 2026/04/28 6:9 p.m. | 3 views

CVE-2026-41383

OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirr...

CVSS 8.1 | AI score 5.7 | EPSS 0.00371
Exploits: 0 | References: 4

Patchstack
added 2026/04/17 2:8 a.m. | 7 views

WordPress JetBackup plugin <= 3.1.19.8 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal in 'fileName' Parameter vulnerability

Authenticated Administrator+ Arbitrary Directory Deletion via Path Traversal in 'fileName' Parameter vulnerability discovered by lucsob in WordPress Plugin Backup Guard versions <= 3.1.19.8...

CVSS 4.9 | AI score 5.8 | EPSS 0.00713
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/15 1:13 p.m. | 4 views

WordPress Eleganzo plugin <= 1.2 - Authenticated (Subscriber+) Arbitrary Directory Deletion vulnerability

Authenticated Subscriber+ Arbitrary Directory Deletion vulnerability discovered by Phat RiO in WordPress Theme Eleganzo versions <= 1.2...

CVSS 6.5 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/04/15 4:17 a.m. | 8 views

CVE-2025-15470

The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akdrequiredplugincallback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 6.5 | EPSS 0.00344
Exploits: 0 | References: 2

CVE
added 2026/04/14 11:26 p.m. | 9 views

CVE-2025-15470

The CVE describes an arbitrary directory deletion vulnerability in the Eleganzo WordPress theme (versions

CVSS 6.5 | AI score 5.9 | EPSS 0.00344
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/14 11:26 p.m. | 3 views

CVE-2025-15470

The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akdrequiredplugincallback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 6.5 | AI score 5.9 | EPSS 0.00344
Exploits: 0 | References: 3