CVE-2026-2421

The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJAX action. This is due to insufficient file path validation before performing a file deletion. Thi...

WordPress ilGhera Carta Docente for WooCommerce plugin <= 1.5.0 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter vulnerability

Authenticated Administrator+ Path Traversal to Arbitrary File Deletion via 'cert' Parameter vulnerability discovered by Legion Hunter in WordPress Plugin ilGhera Carta Docente for WooCommerce versions = 1.5.0...

CVE-2025-62371

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugin...

CVE-2019-7301

Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=ViewCert certname parameter...