
34 matches found

RedhatCVE
added 2026/06/05 7:22 p.m. | 10 views

CVE-2026-7252

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduledoriginalfiledeletion function in all versions up to, and including, 4.5.2 Th...

8.1 CVSS | 6.4 AI score | 0.0095 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/17 9:4 p.m. | 6 views

CVE-2026-40304 zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL (the marker for admin-created global frontends), the conditio...

5.3 CVSS | 5.7 AI score | 0.00286 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/16 9:40 p.m. | 4 views

CVE-2026-40246

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

8.7 CVSS | 5.9 AI score | 0.0038 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/04/14 1:7 a.m. | 7 views

GHSA-9PM8-VWC5-W2HM Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID

Impact: Authenticated users can delete emails imported into the system assigned to another user, where the Email Dropbox is in use. Patches: Fixed in v0.26.0. Workarounds: Disable use of email dropbox...

2.1 CVSS | 5.8 AI score
Exploits: 0 | References: 2
Github Security Blog
added 2026/04/01 10:8 p.m. | 7 views

CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)

Summary: Vulnerability: Improper Session Invalidation on Account Deletion (Broken Access Control / Logic Flaw). This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are explicitly...

8.8 CVSS | 5.8 AI score | 0.00502 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
CNNVD
added 2026/03/20 12:0 a.m. | 8 views

Langflow security vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.9.0 contained a security vulnerability. This vulnerability stemmed from the deleteapikeyroute endpoint, which did not verify the ownership of the...

8.8 CVSS | 5.9 AI score | 0.0039 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/03/11 12:0 a.m. | 6 views

OpenProject security vulnerability

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 had security vulnerabilities. These vulnerabilities stemmed from a flaw where, when deleting budgets, the work packages assigned to those budgets were moved before the permission checks...

7.1 CVSS | 5.8 AI score | 0.0019 EPSS
Exploits: 0 | References: 1
NVD
added 2026/03/10 6:18 p.m. | 3 views

CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in...

7.1 CVSS | 0.00123 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/09 8:2 a.m. | 5 views

CVE-2026-30842

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, Wallos allows an authenticated user to delete avatar files uploaded by other users. The avatar deletion endpoint does not verify that the requested avatar belongs to the current user. As a result, any...

4.3 CVSS | 5.8 AI score | 0.00297 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/02/17 12:0 a.m. | 27 views

CVE-2025-67905

Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. To exploit this, an...

0.00136 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 11:13 a.m. | 7 views

CVE-2016-10883

The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users...

6.5 CVSS | 7.2 AI score | 0.00605 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/06 12:0 a.m. | 6 views

PT-2026-1414

Name of the Vulnerable Software and Affected Versions: BuddyPress Xprofile Custom Field Types plugin versions through 1.2.8. Description: The BuddyPress Xprofile Custom Field Types plugin for WordPress has a flaw that allows authenticated attackers with Subscriber-level access or higher to delete...

7.2 CVSS | 7.2 AI score | 0.00615 EPSS
Exploits: 0 | References: 8
NVD
added 2025/11/05 5:15 p.m. | 4 views

CVE-2025-63248

DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires...

7.5 CVSS | 0.00288 EPSS
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2014-2563

Malware in sbrugna...

6.8 CVSS | 6.1 AI score | 0.03008 EPSS
Exploits: 1 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2007-1919

Malware in sbrugna...

6.5 CVSS | 6.4 AI score | 0.01341 EPSS
Exploits: 0 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-20402

Malware in sbrugna...

9.1 CVSS | 9.1 AI score | 0.00999 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 8:14 a.m. | 6 views

CVE-2019-15493

openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21...

7.5 CVSS | 7 AI score | 0.0118 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/05/09 12:0 a.m. | 8 views

Avira Prime security vulnerability

Avira Prime is a security software from the German company Avira. A security vulnerability exists in Avira Prime version 1.1.96.2, which stems from an arbitrary file deletion issue in Avira.Spotlight.Service.exe, which could lead to elevated privileges...

7.8 CVSS | 6.7 AI score | 0.00174 EPSS
Exploits: 0 | References: 2
CVE
added 2025/03/28 2:42 p.m. | 117 views

CVE-2025-29928

CVE-2025-29928 concerns authentik, an open-source identity provider. When configured to use database-based session storage (not default), deleting sessions via the Web Interface or API would not revoke those sessions, allowing session holders continued access. This affects authentik versions prio...

8 CVSS | 7 AI score | 0.00364 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/03/15 3:23 a.m. | 8 views

CVE-2025-1668 School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Arbitrary User Deletion

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpspDeleteUser function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access a...

4.3 CVSS | 4.5 AI score | 0.00281 EPSS
Exploits: 0 | References: 3