Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.5 views

CVE-2026-32097

PingPong is a platform for using large language models LLMs for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploade...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 7:55 p.m.29 views

CVE-2026-32097 PingPong has improper access control in thread file endpoints allows access outside intended scope

PingPong is a platform for using large language models LLMs for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploade...

8.6CVSS0.00288EPSS
Exploits0References1
NVD
NVD
added 2025/07/11 7:15 a.m.7 views

CVE-2025-5028

Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so...

6.8CVSS0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:1 p.m.7 views

CVE-2022-26773

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission...

7.1CVSS6AI score0.00539EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/05 4:34 p.m.21 views

CVE-2024-45392 SuiteCRM has wrong deletion permission checks on API delete call

SuiteCRM is an open-source customer relationship management CRM system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue...

7.7CVSS6.9AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/02/09 5:59 p.m.22 views

CVE-2020-16144

When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the...

5.5AI score0.00797EPSS
Exploits0References1
Rows per page
Query Builder