PT-2026-42680

Summary Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

CVE-2026-7127

A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deletereceiving. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has...

CVE-2025-68789

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2025-68789

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

EUVD-2021-32198

Malicious code in bioql PyPI...

CVE-2025-5391

CVE-2025-5391 affects the WooCommerce Purchase Orders plugin for WordPress (versions ≤ 1.0.2). The vulnerability arises from insufficient file path validation in the delete_file() function, allowing authenticated attackers with Subscriber-level access or higher to delete arbitrary files on the se...

CVE-2025-21015

CVE-2025-21015 affects Document scanner prior to SMR Aug-2025 Release 1. Root cause is a path traversal in the scanner that can allow a local attacker to delete files using the scanner’s privileges. Affected version details are tied to prior-to-Release 1; mitigation is to update to SMR Aug-2025 R...

CVE-2025-24765 WordPress Image Shadow plugin <= 1.1.0 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in RobMarsh Image Shadow image-shadow allows Path Traversal.This issue affects Image Shadow: from n/a through = 1.1.0...

CVE-2025-49448 WordPress FW Food Menu plugin <= 6.0.0 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Fastw3b LLC FW Food Menu allows Path Traversal. This issue affects FW Food Menu : from n/a through 6.0.0...

CVE-2025-49879 WordPress Litho <= 3.0 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in themezaa Litho allows Path Traversal. This issue affects Litho: from n/a through 3.0...

CVE-2023-7300

Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.Vulnerability ID:HWPSIRT-2023-60613...

CVE-2025-32631 WordPress Oxygen MyData for WooCommerce plugin <= 1.0.64 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in oxygensuite Oxygen MyData for WooCommerce oxygen-mydata allows Path Traversal.This issue affects Oxygen MyData for WooCommerce: from n/a through = 1.0.64...

CVE-2024-6483

A vulnerability in the runs/delete-batch endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion...

GHSA-4QCX-JX49-6QRH Aim path traversal in LockManager.release_locks

A vulnerability in the LockManager.releaselocks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The runhash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...

CVE-2024-8537 Path Traversal in modelscope/agentscope

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling t...

CVE-2024-8581

CVE-2024-8581 concerns parisneo/lollms-webui, version V12 (Strawberry). The vulnerability is in the upload_app function where unsanitized filename input enables Path Traversal, allowing an attacker to delete arbitrary files or directories on the host. Root cause: lack of user input filtering for ...

CVE-2025-26534 WordPress Helloprint Plugin <= 2.0.7 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NotFound Helloprint allows Path Traversal. This issue affects Helloprint: from n/a through 2.0.7...

CVE-2024-32115

A relative path traversal vulnerability CWE-23 in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests...

CVE-2024-56055 WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary Directory Deletion vulnerability

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2...

CVE-2022-4101 Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion

The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack...