28 matches found
Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
Summary A vulnerability in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve HTTP handler. The serve handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...
CVE-2026-23939
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Store.Local' module allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines...
CVE-2026-23939 Path Traversal in Local File Store Backend
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Store.Local' module allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines...
CVE-2026-2850
A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerController.java of the component Customer Endpoint...
EUVD-2025-32435
A vulnerability has been found in SeriaWei ZKEACMS up to 4.3. This affects the function Delete of the file src/ZKEACMS.Redirection/Controllers/UrlRedirectionController.cs of the component POST Request Handler. The manipulation leads to improper authorization. Remote exploitation of the attack is...
CVE-2025-10232 299ko FileManagerAPIController.php delete path traversal
A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...
CVE-2019-17415
A Structured Exception Handler SEH based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP DELETE method, a similar issue to CVE-2019-16724 and CVE-2010-2331...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via the getSystemTable and Delete methods in the common.php file. An attacker can disrupt service availability by exploiting this logic flaw to delete critical commands. Details Denial of Service DoS describes a...
CVE-2024-35209
A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server is allowing HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized files...
PT-2024-4579 · Unknown · Sinec Traffic Analyzer
Name of the Vulnerable Software and Affected Versions: SINEC Traffic Analyzer versions prior to V1.2 Description: A vulnerability has been identified in the web server of SINEC Traffic Analyzer, which allows HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized...
PT-2024-1629 · Plone · Plone
Name of the Vulnerable Software and Affected Versions: Plone Docker version 5.2.13 5221 Description: The issue is related to the absence of a mechanism to prevent unintended changes to resources when processing requests. This allows unauthenticated attackers to execute dangerous actions, such as...
PT-2022-28096 · Unknown · Usememos/Memos
Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue involves the incorrect use of privileged APIs, allowing a user with login permission to delete all notes of the whole application. This can be achieved via the API endpoint...
CVE-2022-38115
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT...
ownCloud: GitHub Security Lab (GHSL) Vulnerability Report: SQLInjection in FileContentProvider.kt (GHSL-2022-059)
Vulnerability description not provided...
CVE-2021-46419
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts...
Arbitrary file deletion
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts...
Telesquare TLR-2855KS6 安全漏洞
The Telesquare TLR-2855KS6 is an LTE router from Telesquare Korea. A security vulnerability exists in the Telesquare TLR-2855KS6, which stems from an unauthorized file deletion vulnerability that could allow system files and scripts to be deleted via the DELETE method...
CVE-2021-35243
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server 12.7.7 and earlier, allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the...
Solarwinds Web Help Desk 安全漏洞
Solarwinds Web Help Desk is a suite of help desk and asset management software from Solarwinds USA. The software supports features such as centralized knowledge base, IT asset management, project and task management. A security vulnerability exists in Solarwinds Web Help Desk web server version...