GHSA-RMPJ-3X5M-9M5F Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion

Summary The documents and files module in Admidio does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIEW authorization check getFolderForDownload / getFileForDownload...

WordPress Wicked Folders plugin <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Folder Deletion vulnerability discovered by Youssef Elouaer in WordPress Plugin Wicked Folders versions = 4.1.0...

EUVD-2026-12297

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege...

CVE-2026-20990

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege...

CVE-2026-20990

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege...

CVE-2026-20990

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege...

CVE-2026-20990

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege...

CVE-2026-20990

CVE-2026-20990 stems from an improper export of Android app components in Samsung Secure Folder prior to the SMR Mar-2026 Release 1, enabling local attackers to launch arbitrary activities with Secure Folder privilege. The issue is described as a local-privilege escalation due to component export...

PT-2026-26172

Summary The documents and files module in Admidio does not verify whether the current user has permission to delete folders or files. The folder delete and file delete action handlers in modules/documents-files.php only perform a VIEW authorization check getFolderForDownload / getFileForDownload...

PT-2026-25595

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege...

WordPress plugin Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

SAMSUNG Secure Folder 安全漏洞

Samsung Secure Folder is a privacy protection software developed by South Korea’s Samsung Corporation. Versions of Samsung Secure Folder prior to the SMR Mar-2026 Release 1 had security vulnerabilities. These vulnerabilities stemmed from improper export of Android application components, which...

CVE-2026-1883 Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion

The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the deletefolders function due to missing validation on a user controlled key. This makes it possibl...

CVE-2026-1883

CVE-2026-1883 affects the WordPress plugin Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types. It states that all versions up to 4.1.0 are vulnerable to an Insecure Direct Object Reference (IDOR) in the delete_folders() function due to missing validation on a user-controlle...

CVE-2026-30914

SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...

CVE-2026-30914 SFTPGo has a Path Traversal and Permission Bypass via Path Normalization Discrepancy

SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...

CVE-2026-30914

SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...

CVE-2026-30914 SFTPGo has a Path Traversal and Permission Bypass via Path Normalization Discrepancy

SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...

CVE-2026-30914

CVE-2026-30914 — SFTPGo : A path normalization discrepancy between protocol handlers and the internal Virtual Filesystem routing in versions prior to 2.7.1 can allow an authenticated attacker to craft specific file paths to bypass folder-level permissions or escape Virtual Folders. This is mitiga...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through a discrepancy in path normalization between protocol handlers and internal routing. An attacker can bypass folder-level permissions or escape the boundaries of a configured virtual folder by crafting specific...