CVE-2025-14629

The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'deletefile' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...

EUVD-2025-28028

Malicious code in bioql PyPI...

CVE-2025-5391

The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletefile function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVE-2025-5391

CVE-2025-5391 affects the WooCommerce Purchase Orders plugin for WordPress (versions ≤ 1.0.2). The vulnerability arises from insufficient file path validation in the delete_file() function, allowing authenticated attackers with Subscriber-level access or higher to delete arbitrary files on the se...

Improper access control

A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function deletefile in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch...

CVE-2023-27812

bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the deletefile function...

CVE-2023-27812

bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the deletefile function...

CVE-2023-27812

bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the deletefile function...

Arbitrary file deletion

bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the deletefile function...