CVE-2025-40902

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

CVE-2025-36746

SolarEdge monitoring platform contains a Cross‑Site Scripting XSS flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt...

EUVD-2024-54111

Malicious code in bioql PyPI...

EUVD-2024-29937

Malicious code in bioql PyPI...

CVE-2005-2168

delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter...

Cross site request forgery (csrf)

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack...

Rainy Novel cms has arbitrary file deletion vulnerability

Wild Rain Fiction cms hereinafter referred to as KYXSCMS provides a lightweight fiction website solution based on ThinkPHP 5.1+MySQL. KYXSCMS has an arbitrary file deletion vulnerability. An attacker can use the vulnerability to delete any file in the root directory...

Arbitrary file deletion vulnerability in WeLive online customer service system

WeLive online customer service system is a small program, easy to install and use online online customer service system. WeLive Online Customer Service System has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete arbitrary files...

Arbitrary File Deletion Vulnerability in YCCMS controller directory Pi***.cl***.php

YCCMS is a PHP version of a lightweight CMS builder. YCCMS 3.4 version controller directory Pi.class.php arbitrary file deletion vulnerability, an attacker can use the vulnerability to delete arbitrary files...

CVE-2018-16587

In Open Ticket Request System OTRS 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to...

Arbitrary File Deletion Vulnerability in CSCMS V4.1.0 Backend

CSCMS is a multi-functional network information management system developed by Chongsheng Network Technology, which uses PHP5+MYSQL as the technical basis for development. Using OOP object-oriented approach to build the basic operating framework. CSCMS V4.1.0 there are arbitrary file deletion...