Lucene search
K

10062 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-43303

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion...

8.8CVSS6.2AI score0.00239EPSS
Exploits1References2
Cvelist
Cvelist
added yesterday6 views

CVE-2026-57709 WordPress Membership For WooCommerce plugin <= 3.1.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects Membership For WooCommerce: from n/a through = 3.1.0...

8.6CVSS0.00533EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-57709

CVE-2026-57709 affects the WordPress plugin WP Swings Membership For WooCommerce (Membership For WooCommerce) up to version 3.1.0. The issue is a path traversal vulnerability caused by improper limitation of a pathname to a restricted directory, enabling arbitrary file deletion. CVSS v3.1 base sc...

8.6CVSS6.1AI score0.00533EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-57401

The connected records document a concrete vulnerability in the WordPress SureDash plugin (Brainstorm Force) up to version 1.8.0. The issue is reported as an improper limitation of a pathname to a restricted directory (path traversal), enabling traversal of the file system. Some sources describe t...

9.9CVSS6.1AI score0.00548EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday5 views

CVE-2026-57401 WordPress SureDash plugin <= 1.8.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through = 1.8.0...

9.9CVSS0.00548EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-57389

CVE-2026-57389 affects Groundhogg WordPress plugin versions up to 4.4.1. The issue is described as an improper limitation of a pathname to a restricted directory (path traversal) that allows arbitrary file deletion. NVD/Patchstack entries indicate a High severity (CVSS 3.1 base score 8.6) with ne...

8.6CVSS6.1AI score0.00533EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday4 views

CVE-2026-57389 WordPress Groundhogg plugin <= 4.4.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Adrian Tobey Groundhogg groundhogg allows Path Traversal.This issue affects Groundhogg: from n/a through = 4.4.1...

8.6CVSS0.00533EPSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-57830

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion...

8.8CVSS0.00239EPSS
Exploits1References1
CVE
CVE
added yesterday11 views

CVE-2026-57830

The CVE-2026-57830 entry describes a vulnerability in the Joomla extension Helix Ultimate where an unauthenticated user can perform arbitrary file deletions. Affected product: Helix Ultimate for Joomla (the CVE specifically references the extension rather than core Joomla). The identified impact ...

8.8CVSS6.2AI score0.00239EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday43 views

WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

8.1CVSS6.2AI score0.01367EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday48 views

Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion

Wordpress Quiz and Survey Master 7.0.1 allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsmremovefilefdquestion, which allowed...

9.9CVSS7AI score0.76328EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday15 views

Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

9.8CVSS6.2AI score0.01342EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday39 views

NCBI ToolBox - Directory Traversal

NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files i.e., significant information disclosure or file deletion via the nph-viewgif.cgi query string. id: CVE-2018-16716 info: name: NCBI ToolBox -...

9.1CVSS7.1AI score0.0857EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday51 views

Nevma Adaptive Images - Arbitrary File Deletion

Nevma Adaptive Images plugin before 0.6.67 for WordPress contains an arbitrary file deletion caused by unsanitized input in adaptive-images-script.php, letting remote attackers delete arbitrary files, exploit requires sending specific request parameters. id: CVE-2019-14206 info: name: Nevma...

7.5CVSS7.1AI score0.04728EPSS
Exploits2References6
Nuclei
Nuclei
added yesterday64 views

Telesquare TLR-2855KS6 - Arbitrary File Deletion

An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. id: CVE-2021-46419 info: name: Telesquare TLR-2855KS6 - Arbitrary File Deletion author: DhiyaneshDK severity: critical description: | An unauthorized file deleti...

9.1CVSS7AI score0.71384EPSS
Exploits4References3
NVD
NVD
added 5 days ago6 views

CVE-2026-13492

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS0.00525EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-0282 PAN-OS: File Deletion Vulnerability in Management Web Interface

A file deletion vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. The security risk posed by this issue is minimized by restricting access to the management web...

6.9CVSS0.00357EPSS
Exploits0References1
CVE
CVE
added 5 days ago11 views

CVE-2026-0282

CVE-2026-0282 describes a file deletion vulnerability in Palo Alto Networks PAN-OS that allows an unauthenticated attacker with network access to the management web interface to delete files from a temporary directory. Affected are PAN-OS on PA-Series and VM-Series firewalls and Panorama (virtual...

6.9CVSS6AI score0.00357EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-13492 UsersWP <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion via File Upload Field

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS0.00525EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-13492

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS6AI score0.00525EPSS
Exploits0References9
Rows per page
Query Builder