CVE-2025-12494

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaximportfile function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level...

CVE-2025-12494 Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaximportfile function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level...

EUVD-2018-10760

Malware in sbrugna...

EUVD-2023-54330

Malicious code in bioql PyPI...

EUVD-2022-30036

Malicious code in bioql PyPI...

EUVD-2022-28710

Malicious code in bioql PyPI...

WordPress plugin Drag and Drop Multiple File Upload for WooCommerce 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

CVE-2024-7626

The WP Delicious – Recipe Plugin for Food Bloggers formerly Delicious Recipes plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the saveeditprofiledetails function in all versions up to, and including, 1.6.9. This makes it possib...

CVE-2024-7626

CVE-2024-7626 affects WP Delicious – Recipe Plugin for WordPress (formerly Delicious Recipes), versions ≤ 1.6.9. The vulnerability stems from insufficient file path validation in the save_edit_profile_details() function, allowing authenticated users with subscriber-level access and above to move ...

WordPress plugin WP Delicious 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

The vulnerability of the file renaming function of the ASUSTOR Data Master operating system allows a hacker to move any files they desire.

The vulnerability of the file renaming function of the ASUSTOR Data Master operating system involves the use of files and directories accessible from external parties. Exploiting this vulnerability could allow a hacker to move arbitrary files...

CVE-2023-4475

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

CVE-2023-4475

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

CVE-2023-4475

ASUSTOR Data Master (ADM) is affected by an Arbitrary File Movement vulnerability via the file renaming feature. Affected: ADM 4.0.6.RIS1 and below, ADM 4.1.0 and below, ADM 4.2.2.RI61 and below. Root cause: exploitation of the file renaming mechanism to move files into unintended directories. Im...

CVE-2023-4475 An Arbitrary File Movement vulnerability was found on the ADM

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

CVE-2023-4475 An Arbitrary File Movement vulnerability was found on the ADM

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

ASUSTOR Data Master 安全漏洞

ASUSTOR Data Master is a proprietary operating system for ASUSTOR NAS from ASUS in China, featuring a tablet-like graphical interface comparable to a zero-learning curve, making it easy to get started right away. A security vulnerability exists in ASUSTOR Data Master, which stems from the presenc...

ASUSTOR ADM Multiple Vulnerabilities (AS-2023-009, AS-2023-010, AS-2023-011, AS-2023-012)

ASUSTOR ADM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:asustor:adm"; if description...

CVE-2022-27049

Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed...

Docker Desktop has an unspecified vulnerability

Docker Desktop is a container-based desktop software for lightweight deployment of applications from Docker, Inc. Docker Desktop has a security vulnerability that could be exploited by attackers to move arbitrary files...