WordPress Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion vulnerability
Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion vulnerability discovered by Bao Luu Gia Nguyen in WordPress Plugin NextGEN Gallery versions <= 4.2.0...
CVE-2026-40883 goshs: CSRF in state-changing GET routes enables authenticated file deletion and directory creation
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an already authenticated browser to trigger destructive actions such as ?delete and ?mkdir because...
goshs has a CSRF in state-changing GET routes that enables authenticated file deletion and directory creation
Summary: goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an already authenticated browser to trigger destructive actions such as ?delete and ?mkdir because goshs relies on HTTP basic auth alone and performs no CSRF, Origin, or...
CVE-2026-30842
Wallos, an open-source self-hosted personal subscription tracker, has a vulnerability prior to version 4.6.2 where an authenticated user can delete avatar files uploaded by other users because the avatar deletion endpoint does not verify ownership. The issue is fixed in version 4.6.2. Affected: W...
CVE-2025-34435
AVideo versions prior to 20.1 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video...
CVE-2025-65097
RomM (ROM Manager) prior to versions 4.4.1 and 4.4.1-beta.2 is affected by an IDOR-like issue where an authenticated user can delete other users’ collections by sending a DELETE request to the /collections endpoint without ownership verification. Exploitation details or in-the-wild status are not...
WordPress Sparkle Demo Importer plugin <= 1.4.7 - Authenticated Post/Pages/Attachments Deletion and Demo Data Import vulnerability
Authenticated Post/Pages/Attachments Deletion and Demo Data Import vulnerability discovered by Lucio Sá in WordPress Plugin Sparkle Demo Importer versions <= 1.4.7...
WordPress Tickera plugin <= 3.5.2.8 - Authenticated Ticket Deletion vulnerability
Authenticated Ticket Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Tickera versions <= 3.5.2.8...
CVE-2023-21415
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlaydel.cgi is vulnerable to path traversal attacks that allow file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has...
CVE-2023-38991
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator...
OESA-2023-1233 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory (CVE-2023-0225). The Samb...
CVE-2021-23278
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an authenticated arbitrary file deletion vulnerability caused by improper input validation at server/mapssrv.js with action removeBackground and server/nodeupgradesrv.js with action removeFirmware. An attacker can send specially...
CVE-2018-19329
GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button...
UBUNTU-CVE-2018-19143
Open Ticket Request System OTRS 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled...
woocommerce-csvimport 3.3.6 – Authenticated Arbitrary File Deletion
Type: user access (any registered user). $_POST['filename'] is not escaped. Code file: wp-content/plugins/woocommerce-csvimport/export/include/classes/woocsvExport.php, line 64: public function deleteexportfile() { if (isset($_POST['filename'])) { @unlink($_POST['filename']); wp_die(0); } } Result: wp-config.php file delet...
CVE-2016-9469
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix...