CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

CVE-2022-33882

Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app ADA. An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code...

CVE-2022-45697

Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory...

CVE-2024-54291 WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in NotFound PluginPass allows Manipulating Web Input to File System Calls. This issue affects PluginPass: from n/a through 0.9.10...

CVE-2024-7258

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...

Code-Projects Blood Bank Management System 跨站请求伪造漏洞

Code-Projects Blood Bank Management System is a Code-Projects open source blood bank management system. A cross-site request forgery vulnerability exists in Code-Projects Blood Bank Management System version 1.0, which stems from a cross-site request forgery caused by the parameter bid in the fil...

CVE-2023-26957

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...

Directory traversal

Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory...

CVE-2020-13522

An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet IRP can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability...

CVE-2017-8853

Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/appconfig/controller/backuper.php via directory traversal in the file parameter during an act=db action...

CVE-2012-0943

debian/guest-account in Light Display Manager lightdm 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and...