Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete

Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. id: CVE-2021-46424 info: name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete author: gy741 severity:...

CVE-2026-0259

CVE-2026-0259 affects Palo Alto Networks WildFire Appliance WF-500 and WF-500-B operating in the default non-FIPS configuration. It enables an arbitrary File Read and Delete vulnerability over the network, allowing access to sensitive information and deletion of arbitrary files. Impact is describ...

CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

CVE-2026-33733

CVE-2026-33733 affects EspoCRM prior to version 9.3.4, where admin TemplateManager endpoints incorrectly handle attacker-controlled name and scope values. This allows an authenticated admin to use directory traversal (../) to escape the intended template directory and read, create, overwrite, or ...

CVE-2026-33733 EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...

CVE-2026-3464

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajaxattachfile' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator...

PT-2026-33465

Name of the Vulnerable Software and Affected Versions WP Customer Area versions prior to 8.3.5 Description Insufficient file path validation in the ajax attach file function allows authenticated attackers with roles granted by an administrator, such as Subscriber, to read or delete arbitrary file...

ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Summary The webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to write attacker-influenced content to any path writable by the lego...

CVE-2026-34790

Endian Firewall versions 3.3.25 and prior are affected. The vulnerability resides in /cgi-bin/backup.cgi where the remove ARCHIVE parameter is used to build a file path without sanitizing directory traversal sequences, and the path is passed to unlink(). This allows an authenticated user to delet...

PT-2026-26485

Name of the Vulnerable Software and Affected Versions dagu versions 2.0.0 through 2.3.0 Description Dagu suffers from a path traversal issue due to incomplete fixes for CVE-2026-27598. The initial fix addressed path traversal in the CreateNewDAG function, but the locateDAG function still allows...

TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete

Summary The TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. Details When running tinacms dev, the CLI starts a local HTTP server default port...

GHSA-2F24-MG4X-534Q TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete

Summary The TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. Details When running tinacms dev, the CLI starts a local HTTP server default port...

CVE-2026-28793 Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...

CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

CVE-2025-15313

Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS...

📄 NFR Agent 1.0.4.2 Arbitrary File Delete

The code exploits a vulnerability in the Novell File Reporter Agent versions 1.0.4.2 and below, which allows an attacker to remotely delete any file on the targeted system...

Pironman Dashboard 安全漏洞

Pironman Dashboard is a console interface open-sourced by SunFounder. Versions of Pironman Dashboard prior to 1.3.13 have security vulnerabilities; these vulnerabilities stem from path traversal in the log file API endpoints, which could lead to arbitrary file reading and deletion...

CVE-2026-25069 SunFounder Pironman Dashboard <= 1.3.13 Path Traversal Arbitrary File Read/Deletion

SunFounder Pironman Dashboard pmdashboard version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can...

CVE-2019-25296 WP Cost Estimation <= 9.642 - Missing Authorization to Arbitrary File Upload/Delete

The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfbuploadform and lfbremoveFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrar...

CVE-2025-65076

Summary: CVE-2025-65076 affects the WaveView client. A path traversal flaw in the ilog script, executed with root privileges on the WaveStore Server, allows a high-privilege attacker to read or delete arbitrary server files. Affected components (from provided sources): WaveView client interfacing...