6 matches found
CVE-2026-32097
PingPong is a platform for using large language models LLMs for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploade...
CVE-2026-32097 PingPong has improper access control in thread file endpoints allows access outside intended scope
PingPong is a platform for using large language models LLMs for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploade...
CVE-2025-5028
Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so...
CVE-2022-26773
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission...
CVE-2024-45392 SuiteCRM has wrong deletion permission checks on API delete call
SuiteCRM is an open-source customer relationship management CRM system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue...
CVE-2020-16144
When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the...