CVE-2026-23563 Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction

Improper Link Resolution Before File Access invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is...

CVE-2026-23563

Improper Link Resolution Before File Access invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is...

CVE-2025-14997

The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'deletefield' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

PT-2023-5589 · Tongda · Tongda Oa 2017

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions prior to 11.10 Description: A critical issue was found in Tongda OA 2017, affecting an unknown function of the file general/hr/manage/staff title evaluation/delete.php. The manipulation of the EVALUATION ID argument...