30 matches found
CVE-2026-54097
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...
GO-2026-5159 File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix in github.com/filebrowser/filebrowser
File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix in github.com/filebrowser/filebrowser...
EUVD-2026-39443
The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...
Astra Linux – Vulnerability in Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails. From the abort path, nft_mapelem_activate needs to restore refcounters to their original state. Currently, it uses set->ops->walk to iterate over these set elements. The...
PT-2026-37158
Name of the Vulnerable Software and Affected Versions: Distribution versions prior to 3.1.1. Description: An authorization bypass exists where tag deletion via the "/v2//manifests/" endpoint ignores the storage.delete.enabled: false configuration. This allows any API client to remove tags from...
CVE-2026-35172
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared dige...
CVE-2026-28442
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...
PT-2025-51151
Name of the Vulnerable Software and Affected Versions: Computer Book Store version 1.0. Description: A weakness exists in Computer Book Store version 1.0 related to SQL injection. The issue is located in the /admin delete.php file, specifically within an unknown function. Manipulation of the bookisb...
EUVD-2025-25906
Malicious code in bioql PyPI...
CVE-2022-50377
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-50377
CVE-2022-50377 is rejected by the CVE Numbering Authority and not an active entry.
PT-2025-38325
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw within the ext4 file system related to inode eviction. Specifically, in the ext4 evict inode function, a race condition can occur when evicting an inode ...
SourceCodester Online Student File Management security vulnerability
SourceCodester Online Student File Management is a SourceCodester open source online student file management system. A security vulnerability exists in SourceCodester Online Student File Management version 1.0, which originates from an incorrect manipulation of the parameter studentid in the file...
CVE-2025-54598
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...
LitmusChaos security vulnerability
LitmusChaos is a program open-sourced by Litmus Chaos that practices chaos engineering in a cloud-native manner. A security vulnerability exists in LitmusChaos 3.19.0 and earlier versions, which stems from a lack of authorization for the parameter projectID in the file /auth/deleteproject, which...
BlueCMS security vulnerability
BlueCMS is a content management system (CMS) based on PHP and MySQL. A security vulnerability exists in BlueCMS version 1.6, which originates from arbitrary file deletion via the filename parameter in the /admin/database.php?act=del request...
DEBIAN-CVE-2024-44944
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID. Delete expectation path is missing a call to the nf_expect_get_id helper function to calculate the expectation ID, otherwise LSB of the expectation object address is...
CVE-2024-42627
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3...
CVE-2024-2317
A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This issue affects some unknown processing of the file /prescription/prescription/delete/ of the component Prescription Page. The manipulation leads to improper authorization. The attack may be...