PT-2025-18476
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A use-after-free issue has been resolved in the Linux kernel. The problem occurs when the memory pointed to by priv is freed at the end of the at76 delete device function, but the code...
PT-2025-13857 · Sourcecodester · Sourcecodester Online Eyewear Shop
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A critical issue was found in the software, affecting an unknown function of the file /classes/Users.php?f=delete. The manipulation of the ID argument leads to SQL injection. It is...
CVE-2025-2193
CVE-2025-2193 concerns MRCMS 3.1.2. A path traversal vulnerability exists in the delete function of /admin/file/delete.do within the org.marker.mushroom.controller.FileController, enabling remote exploitation via manipulation of the path/name argument. Public exploit details are present in multip...
CVE-2025-2193 MRCMS org.marker.mushroom.controller.FileController delete.do delete path traversal
A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the H5SMdelete function. An attacker can manipulate memory and potentially cause a crash or execute arbitrary code by sending a specially crafted file that triggers a heap-based buffer overflow...
HDF5 Security Vulnerability
HDF5 is an HDF open source library. A security vulnerability exists in HDF5 version 1.14.6, which stems from the H5SMdelete function that could lead to a heap buffer overflow...
CVE-2024-13747
The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'templatedeletesaved' function in all versions up to, and including, 3.0.34. This makes it possible for authenticated attackers, with Subscriber-leve...
CVE-2025-2044 code-projects Blood Bank Management System delete_bloodGroup.php sql injection
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deletebloodGroup.php. The manipulation of the argument bloodid leads to sql injection. The attack can be...
WUZHI CMS Security Vulnerability
WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL by Five Fingers WUZHI. A security vulnerability exists in WUZHI CMS version v4.1.0, which originates from cross-site scripting in the del function...
SQL Injection in DuckDBVectorStore via delete can lead to RCE
Description: The delete function in DuckDBVectorStore is vulnerable to SQL injection when an attacker controls the refdocid parameter. This can help attackers read and write arbitrary files on the server and lead to RCE. ddbquery = f""" DELETE FROM self.tablename WHERE jsonextractstringmetadata, '$.refdocid' =...
CVE-2024-1601
An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...
WordPress plugin Atarim Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-12071
CVE-2024-12071 affects the Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media WordPress plugin. The root cause is a missing capability check in delete_network_post(), present in all versions up to 1.4.4, enabling unauthenticated attackers to delete arbitrary posts...
CVE-2024-13318
The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cldeletelistingfunc function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts...
PT-2024-17517 · Orbisius · Orbisius-Child-Theme-Creator
Name of the Vulnerable Software and Affected Versions: Child Theme Creator by Orbisius plugin for WordPress versions up to, and including, 1.5.5 Description: The issue is related to unauthorized modification of data due to a missing capability check on the cloud delete and cloud update functions...
Mobatek MobaXterm Security Vulnerability
Mobatek MobaXterm is a suite of terminal software from Mobatek France that integrates an enhanced terminal, an X server, and a Unix command set (GNU/Cygwin). A security vulnerability exists in Mobatek MobaXterm version v24.2. An attacker can exploit the vulnerability to generate an administrative...
CVE-2024-8782
A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the publ...
PT-2024-39248 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS versions up to 1.0 Description: A critical issue affects the delete function of the file /admin/template/edit. The manipulation of the name argument leads to path traversal, allowing an attacker to delete arbitrary files. This issue...
CVE-2024-8345
A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit...
GHSA-R5PH-4JXM-6J9P LF Edge eKuiper has a SQL Injection in sqlKvStore
Summary: A user could utilize and exploit SQL Injection to allow the execution of a malicious SQL query via the Get method in sqlKvStore. Details: I will use explainRuleHandler "/rules/name/explain" as an example to illustrate. However, this vulnerability also exists in other methods such as...