CVE-2025-13987
The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'sup_pt_handle_deletion' function. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2025-13987 Purchase and Expense Manager <= 1.1.2 - Cross-Site Request Forgery to Arbitrary Purchase Record Deletion
The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'sup_pt_handle_deletion' function. This makes it possible for unauthenticated attackers to delete arbitrary...
PT-2025-50841
The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'sup_pt_handle_deletion' function. This makes it possible for unauthenticated attackers to delete arbitrary...
EUVD-2022-46071
Malicious code in bioql PyPI...
CVE-2025-8805
A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the publ...
CVE-2025-8805
Open5GS SMF component is affected by CVE-2025-8805 via the function smf_gsm_state_wait_pfcp_deletion in src/smf/gsm-sm.c, which can lead to a remote denial of service. Upgrade from 2.7.5 to 2.7.6 to address the issue; the patch is identified as c58b8f081986aaf2a312d73a0a17985518b47fe6. Exploitati...
CVE-2022-43022
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tagid variable in the Tag deletion function...
CVE-2025-1336
CmsEasy 7.7.7.9 is affected by a path traversal vulnerability in deleteimg_action (lib/admin/image_admin.php) caused by unsafely handling the imgname parameter. A remote attacker could exploit this, and public exploits have been disclosed. Multiple sources confirm remote access and public disclos...
CVE-2025-1336 CmsEasy image_admin.php deleteimg_action path traversal
A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimg_action in the library lib/admin/image_admin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched remotely. The explo...
Logic flaw in Funadmin
Funadmin 5.0.2 has a logic flaw in the Curd one-click command deletion function, which can result in a Denial of Service (DoS)...
ZrLog Directory Traversal Vulnerability
ZrLog is a blogging system developed using the Java language. A directory traversal vulnerability exists in ZrLog version 2.1.15, which stems from a lack of validity checking of paths in the admin.api.TemplateController deletion function when processing directory requests, and can be exploited by...
jeesite security breach
Jeesite is an open source Java EE enterprise-class rapid development platform from the Chinese company Zhuo source software. The platform includes system permissions components, data permissions components, data dictionary components, core tools components, view manipulation...
CVE-2023-24188
ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted...
Directory traversal
ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted...
CVE-2023-24188
Affected software: ureport v2.2.9. Vulnerability: directory traversal via the deletion function that allows arbitrary files to be deleted. Impact: per CVSS 3.1, base score 9.1 (critical) with integrity/availability impact and network attack vector. Root cause: not explicitly detailed in the provi...
CVE-2021-24512
The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected Cross-Site Scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos...
CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion
Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion Date: 2021-07-20 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.cszcms.com Software Link: https://sourceforge.net/projects/cszcms/files/latest/download Version: 1.2.9 Tested on: Windows 10,...
UBUNTU-CVE-2020-35980
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del in isomedia/box_funcs.c...