16 matches found

OSV
added 2026/05/04 8:48 p.m. · 2 views

GHSA-6PJF-3R9X-M592 Distribution's tag deletion bypasses `storage.delete.enabled` configuration

Summary: Tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has explicitly disabled deletion. Details: When storage.delete.enabled is configured to false,...

CVSS 6.3 · AI score 5.8 · EPSS 0.00294
Exploits 1 · References 3
NVD
added 2026/04/20 11:16 p.m. · 2 views

CVE-2026-34082

Dify is an open-source LLM app development platform. Prior to 1.13.1, the method DELETE /console/api/installed-apps//conversations/ has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue...

CVSS 5.3 · EPSS 0.00188
Exploits 1 · References 2
Cvelist
added 2025/08/11 9:32 a.m. · 9 views

CVE-2025-8840 jshERP Endpoint deleteBatch improper authorization

A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclos...

CVSS 5.5 · EPSS 0.00395
Exploits 1 · References 5
RedhatCVE
added 2025/05/23 9:45 a.m. · 5 views

CVE-2024-25209

Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php...

CVSS 9.8 · AI score 9.8 · EPSS 0.00814
Exploits 1 · References 1
OSV
added 2025/03/20 10:15 a.m. · 2 views

CVE-2024-10830

A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint /v1/resource/file/delete. This vulnerability allows an attacker to delete any file on the server by manipulating the filekey parameter. The filekey parameter is not properly sanitized, enabling an...

CVSS 8.2 · AI score 7
Exploits 0 · References 1
Positive Technologies
added 2024/08/26 12:0 a.m. · 6 views

PT-2024-38857 · Sourcecodester · Sourcecodester Qr Code Attendance System

Name of the Vulnerable Software and Affected Versions: SourceCodester QR Code Attendance System version 1.0. Description: A problematic issue has been found in the system, affecting the processing of the file /endpoint/delete-student.php. The manipulation of the argument student/attendance leads t...

CVSS 6.1 · AI score 4.4 · EPSS 0.0042
Exploits 1 · References 10
NVD
added 2024/08/25 10:15 p.m. · 24 views

CVE-2024-8151

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack...

CVSS 5.4 · EPSS 0.00491
Exploits 1 · References 5
CNNVD
added 2024/08/15 12:0 a.m. · 2 views

SourceCodester Daily Expenses Monitoring SQL Injection Vulnerability

SourceCodester Daily Expenses Monitoring is a daily income and expense monitoring platform from SourceCodester, Inc. A SQL injection vulnerability exists in SourceCodester Daily Expenses Monitoring version 1.0, which originates when the expense parameter on the /endpoint/delete-expense.php page...

CVSS 9.8 · AI score 7.1 · EPSS 0.00609
Exploits 1 · References 5
CNNVD
added 2024/08/12 12:0 a.m. · 5 views

SourceCodester Leads Manager Tool SQL Injection Vulnerability

SourceCodester Leads Manager Tool is a Leads Management Tool from SourceCodester, Inc. A SQL injection vulnerability exists in SourceCodester Leads Manager Tool version 1.0, which originates from a SQL injection vulnerability in the Delete Leads Handler component on the /endpoint/delete-leads.php...

CVSS 9.8 · AI score 7 · EPSS 0.00891
Exploits 1 · References 5
OSV
added 2024/06/19 3:15 p.m. · 2 views

DEBIAN-CVE-2021-47594

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM traverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching...

CVSS 5.5 · AI score 5.3 · EPSS 0.00208
Exploits 0 · References 1
CVE
added 2024/03/01 3:0 p.m. · 61 views

CVE-2024-2067

SourceCodester Computer Inventory System 1.0 has a SQL injection vulnerability in /endpoint/delete-computer.php triggered by manipulating the computer parameter. The flaw is exploitable remotely and is considered critical by CVE-2024-2067; multiple sources report the exploit publicly. No official...

CVSS 9.8 · AI score 6.9 · EPSS 0.00481
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/03/01 12:0 a.m. · 2 views

FAQ Management System SQL Injection Vulnerability

FAQ Management System is a Frequently Asked Questions Management System by Remy Andrade Personal Developer. A SQL injection vulnerability exists in version 1.0 of the FAQ Management System, which stems from the parameter faq in the file /endpoint/delete-faq.php, which can lead to SQL injection...

CVSS 6.5 · AI score 7.9 · EPSS 0.00519
Exploits 1 · References 4
Vulnrichment
added 2024/02/14 12:0 a.m. · 5 views

CVE-2024-25209

Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php...

AI score 9.9 · EPSS 0.00814
Exploits 1 · References 1
CNNVD
added 2023/12/05 12:0 a.m. · 4 views

JFinalCMS Security Vulnerability

JFinalCMS is a content management system by heyewei personal developer. A security vulnerability exists in JFinalCMS v5.0.0, which originates from a cross-site request forgery vulnerability in the /admin/friendlink/delete component...

CVSS 8.8 · AI score 8.5 · EPSS 0.00391
Exploits 1 · References 1
CNNVD
added 2023/10/26 12:0 a.m. · 5 views

SourceCodester Sticky Notes SQL Injection Vulnerability

SourceCodester Sticky Notes is a sticky notes application. A security vulnerability exists in SourceCodester Sticky Notes version 1.0, which stems from a SQL injection vulnerability in the parameter note in the file endpoint/delete-note.php...

CVSS 9.8 · AI score 8 · EPSS 0.00649
Exploits 1 · References 4
ATTACKERKB
added 2022/04/21 8:15 p.m. · 1 views

CVE-2022-28413

Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=deleteenrollment...

CVSS 9.8 · AI score 6 · EPSS 0.01461
Exploits 1 · References 2