2097 matches found
CVE-2025-10916 FormGent < 1.0.4 - Unauthenticated Arbitrary File Deletion
The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...
CVE-2025-10916
CVE-2025-10916 affects the FormGent WordPress plugin prior to 1.0.4. The vulnerability arises from insufficient file path validation, allowing unauthenticated attackers to delete arbitrary server files. Public references from multiple feeds (Pre‑published and after) corroborate the impact as unau...
WordPress plugin FormGent 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
ClipBucket 路径遍历漏洞
ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A path traversal vulnerability exists in ClipBucket version 5.5.2 - 146, which stems from insufficient validation of file load paths and could lead to a path traversal...
CVE-2023-7311
BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successfu...
CVE-2023-7311
CVE-2023-7311 affects the BYTEVALUE Intelligent Flow Control Router. A command-injection flaw exists in the /goform/webRead/open endpoint where the unvalidated path parameter is echoed into a shell, enabling arbitrary shell command execution. This can lead to writing backdoors, host privilege esc...
CVE-2025-42937 Directory Traversal vulnerability in SAP Print Service
SAP Print Service SAPSprint performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application...
CVE-2025-6439
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. Th...
CVE-2025-6439
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdpsavecanvasdesignajax' function in all versions up to, and including, 1.9.26. Th...
CVE-2025-6439
The CVE-2025-6439 case concerns the WooCommerce Designer Pro plugin for WordPress (used with Pricom theme). The vulnerability is an unauthenticated arbitrary file deletion due to insufficient file path validation in the wcdp_save_canvas_design_ajax function, affecting versions up to 1.9.26. Conne...
PT-2025-41674
Name of the Vulnerable Software and Affected Versions WooCommerce Designer Pro versions through 1.9.26 Description The WooCommerce Designer Pro plugin for WordPress is affected by an arbitrary file deletion issue. Insufficient file path validation in the wcdp save canvas design ajax function allo...
GHSA-J44M-5V8F-GC9C Flowise is vulnerable to arbitrary file exposure through its ReadFileTool
Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...
CVE-2025-7526 WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Authenticated (Subscriber+) Arbitrary File Deletion via File Renaming
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion via renaming due to insufficient file path validation in the setuserprofileimage function in all versions up to, and including, 6.6.7. This makes it possible for...
CVE-2025-10494
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated attackers, with...
CVE-2025-10494 Motors – Car Dealership & Classified Listings Plugin <= 1.4.89 - Authenticated (Subscriber+) Arbitrary File Deletion
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1.4.89. This makes it possible for authenticated attackers, with...
CVE-2025-10494
CVE-2025-10494 affects the Motors – Car Dealership & Classified Listings Plugin for WordPress (versions up to 1.4.89). The root cause is insufficient validation of file paths when deleting profile pictures, allowing an authenticated attacker with Subscriber-level access or higher to delete arbitr...
WordPress plugin Motors – Car Dealership & Classified Listings 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...
EUVD-2017-17151
Malware in sbrugna...
EUVD-2019-16833
Malware in sbrugna...
EUVD-2002-1452
Malware in sbrugna...