Lucene search
K

600 matches found

Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface

A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...

6.9CVSS0.00357EPSS
Exploits0References1
Cvelist
Cvelist
added last week26 views

CVE-2026-28378 Cross-Organization Public Dashboard Deletion via Missing Org Isolation

The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...

3.1CVSS0.00136EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.7 views

CVE-2026-25782

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...

5.3CVSS0.00286EPSS
Exploits0References4
Veracode
Veracode
added 2026/06/25 5:20 a.m.8 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when deleting task definitions, where users with valid system login privileges can delete task definitions in projects they are not authorized to manage...

4.9CVSS5.8AI score0.00437EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:38 p.m.6 views

WordPress SearchPlus plugin <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion vulnerability

Missing Authorization to Unauthenticated Settings Modification and Deletion vulnerability discovered by Legion Hunter in WordPress Plugin SearchPlus versions = 1.7.1...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/03 10:41 a.m.11 views

CVE-2026-35082 Local file inclusion vulnerability and deletion in ugw-logread method

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS6AI score0.00494EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/29 10:45 p.m.28 views

praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks

Summary Type: Insecure Direct Object Reference. The dependency endpoints POST/GET /workspaces/workspaceid/issues/issueid/dependencies and DELETE .../dependencies/depid gate access on requireworkspacememberworkspaceid only, then dispatch to DependencyService calls that take URL/body-supplied issue...

5.9AI score0.00032EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-44996

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/05/25 7:30 a.m.46 views

CVE-2026-9438

The CVE-2026-9438 entry concerns yashpokharna2555 StudentManagementSystem, specifically the courseDel.php component. The issue arises from manipulation of the ID argument, leading to improper control of resource identifiers. This is exploitable remotely and is demonstrated as a public PoC. Accord...

5.5CVSS5.7AI score0.00324EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:26 p.m.12 views

CVE-2021-47979

WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...

8.8CVSS5.9AI score0.00397EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.21 views

PT-2026-41465

Name of the Vulnerable Software and Affected Versions Backup and Restore version 1.0.3 Description Authenticated attackers can delete arbitrary files from the WordPress installation directory. This is achieved by sending POST requests to the 'admin-ajax.php' endpoint with manipulated file name an...

8.8CVSS5.9AI score0.00397EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/14 6:44 a.m.6 views

CVE-2026-3892

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

8.1CVSS5.9AI score0.00256EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 7:17 p.m.10 views

CVE-2026-0259

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

7.1CVSS0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 2:21 p.m.9 views

CVE-2026-31215

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /indexname/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied pathorurl parameter...

9.1CVSS5.9AI score0.00413EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

OpenStack Cyborg 安全漏洞

OpenStack Cyborg is an open-source acceleration resource management and scheduling service component of OpenStack. Versions of OpenStack Cyborg prior to 16.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the accelerator request API did not enforce project...

6.3CVSS5.8AI score0.00206EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/06 7:42 p.m.9 views

EUVD-2026-28156

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...

7.2CVSS5.7AI score0.00165EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/04 8:50 p.m.9 views

CI4MS Vulnerable to Arbitrary Database Table Drop via Theme deleteProcess

Summary The deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are passed directly to $forge-dropTable without validating that the tables belong to the theme being deleted. The deleteConfirm view correctly populates tables from the theme's own migration...

6.9CVSS5.9AI score0.00344EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.10 views

WordPress plugin WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

8.1CVSS5.8AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 8:17 p.m.7 views

CVE-2026-40874

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, no administrator verification takes place when deleting Forwarding Hosts with /api/v1/delete/fwdhost. Any authenticated user can call this API. Checks are only applied for edit/add actions,...

6CVSS0.0017EPSS
Exploits0References1
Rows per page
Query Builder