207 matches found
EUVD-2023-42746
Malicious code in bioql PyPI...
EUVD-2025-18242
Malicious code in bioql PyPI...
WordPress plugin Custom Searchable Data Entry System security vulnerability
WordPress Custom Searchable Data Entry System plugin is a plugin for creating a searchable data entry system in your website that allows users to fill in information based on specific criteria and enables data matching queries. The WordPress Custom Searchable Data Entry System plugin suffers from...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23368)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability, which originates from the incorrect operation of the function uci_del on the parameter delvalue in the file /goform/delete_prohibiting, which can be exploited by an...
CVE-2025-11099
CVE-2025-11099 affects D-Link DIR-823X (firmware 250416). The vulnerability resides in the uci_del function of /goform/delete_prohibiting, where tampering with the delvalue parameter enables remote command injection. Exploitation can be performed remotely, and a public exploit has been disclosed....
CVE-2025-10232
A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...
CVE-2025-10232
CVE-2025-10232 affects 299ko up to version 2.0.0. The vulnerability is in the file manager’s getSentDir/delete function (FileManagerAPIController.php), enabling remote, unauthenticated path traversal. Public exploit exists; vendor was contacted but did not respond. Mitigation/workarounds are not ...
CVE-2025-10232 299ko FileManagerAPIController.php delete path traversal
A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...
Linux Distros Unpatched Vulnerability : CVE-2018-1000556
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core WordPress on delete function that can result in An attacker can...
CVE-2025-8753
CVE-2025-8753 affects linlinjava litemall up to version 1.8.0. The vulnerability resides in the File Handler’s delete function at /admin/storage/delete, where manipulation of the key parameter enables path traversal. The issue can be exploited remotely and the public exploit is disclosed. Affecte...
CVE-2024-9187
The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read...
CVE-2023-38988
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators...
CVE-2023-46496
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint...
CVE-2023-38989
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
CVE-2023-1589
A vulnerability has been found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This vulnerability affects the function exec of the file admin/operations/approvedelete.php. The manipulation of the argument id leads to sql injection. The attack can be...
CVE-2022-46472
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete...
CVE-2020-12130
The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function...
CVE-2017-1002009
Vulnerability in WordPress plugin Membership Simplified v1.58. The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function...
PT-2025-16206 · Phpshe · Phpshe
Name of the Vulnerable Software and Affected Versions: phpshe version 1.8. Description: A critical issue has been identified, affecting the pe delete function in the /admin.php?mod=brand&act=del endpoint. The manipulation of the brand id argument leads to SQL injection. This issue can be exploited...