25 matches found

NVD
added 2026/05/14 7:16 a.m. · 25 views

CVE-2026-3892

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

CVSS 8.1 · EPSS 0.00256
Exploits 0 · References 2

EUVD
added 2026/04/20 9:31 p.m. · 7 views

EUVD-2026-23935

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...

CVSS 8.1 · AI score 6.6 · EPSS 0.00593
Exploits 0 · References 6

Positive Technologies
added 2026/04/11 12:0 a.m. · 2 views

PT-2026-32096

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This is due to a two-step logic flaw: the topic add and topic edit action handlers accept arbitrary user-supplied data arrays from $_REQUEST and store them as postmeta without...

CVSS 7.1 · AI score 5.9 · EPSS 0.00499
Exploits 0 · References 11

Snyk
added 2026/04/01 10:30 p.m. · 4 views

Directory Traversal

Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Directory Traversal via the index function in MediaBrowserController when the fileRemove action is triggered and user input is concatenated with the...

CVSS 8.7 · AI score 6.5 · EPSS 0.00693
Exploits 1 · References 2

Snyk
added 2026/04/01 10:30 p.m. · 4 views

Directory Traversal

Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Directory Traversal via the index function in MediaBrowserController when the fileRemove action is triggered and user input is concatenated with the...

CVSS 8.7 · AI score 6.5 · EPSS 0.00693
Exploits 1 · References 2

CNNVD
added 2026/02/03 12:0 a.m. · 8 views

webTareas Security Vulnerability

webTareas is a web-based open-source collaboration tool developed by luiswang as an individual developer. This product supports features such as project management, error tracking, content management, and meeting management. Version 2.0.p8 of webTareas contains a security vulnerability. This...

CVSS 9.8 · AI score 5.8 · EPSS 0.00326
Exploits 0 · References 3

RedhatCVE
added 2026/01/13 10:53 p.m. · 5 views

CVE-2025-15035

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 vpn modules allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality. This issue affects Archer AXE75 v1.6: ≤...

CVSS 7.3 · AI score 7 · EPSS 0.00286
Exploits 0 · References 1

Positive Technologies
added 2026/01/09 12:0 a.m. · 7 views

PT-2026-1765

Name of the Vulnerable Software and Affected Versions: TP-Link Archer AXE75 versions through build 20250107 Description: An improper input validation issue exists in the vpn modules of TP-Link Archer AXE75. An authenticated attacker in a nearby location can delete arbitrary server files, potentiall...

CVSS 6.9 · AI score 6.7 · EPSS 0.00286
Exploits 0 · References 8

Positive Technologies
added 2025/12/05 12:0 a.m. · 6 views

PT-2025-49258

Name of the Vulnerable Software and Affected Versions: Warehouse Management System version 1.2 Description: The software contains an authenticated arbitrary file deletion issue. The /goods/deleteGoods API endpoint accepts a user-controlled goodsimg parameter. This parameter is directly concatenated...

CVSS 8.1 · AI score 6.7 · EPSS 0.00667
Exploits 1 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-28791

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.4 · EPSS 0.00594
Exploits 0 · References 2

Cvelist
added 2025/08/20 1:44 a.m. · 9 views

CVE-2025-8141 Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated Arbitrary File Deletion

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteassociatedfiles function in all versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to delete arbitrary fil...

CVSS 8.8 · EPSS 0.00594
Exploits 0 · References 2

OSV
added 2025/03/20 10:15 a.m. · 5 views

CVE-2024-6851

In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...

CVSS 7.5 · AI score 7.2
Exploits 0 · References 1

PyPA
added 2024/07/31 1:15 a.m. · 7 views

PYSEC-2024-73

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and dsconfigchatbot.json. This issue arises due to improper validation of file paths, enabling...

CVSS 9.1 · AI score 6.9 · EPSS 0.13092
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2023/08/07 12:0 a.m. · 6 views

PT-2023-27001 · Unknown · Prestashop

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.1.1 Description: The issue allows deletion of files from the server via the CustomerMessage API. There are no known workarounds for this problem. Recommendations: For versions prior to 8.1.1, update to version...

CVSS 9.1 · AI score 9.1 · EPSS 0.00741
Exploits 0 · References 10

OSV
added 2023/01/16 4:15 p.m. · 3 views

CVE-2022-4101

The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack...

CVSS 9.1 · AI score 5.8 · EPSS 0.29369
Exploits 2 · References 1

CNVD
added 2021/05/17 12:0 a.m. · 3 views

Arbitrary File Deletion Vulnerability in Station Helpers CMS

Station Helpers CMS is a CMS open source system dedicated to creating a full-featured ... Station Helpers CMS has an arbitrary file deletion vulnerability; an attacker can exploit the vulnerability by path traversal to delete any file on the server...

AI score 7.1
Exploits 0

CNVD
added 2020/05/18 12:0 a.m. · 3 views

Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2020-32357)

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into a website and supports a variety of extensions plugins and more. A cross-site request forgery vulnerability exists in Subrion CMS version 4.2.1, which can be exploited by a remote...

CVSS 8.1 · AI score 7 · EPSS 0.00675
Exploits 2 · References 1

CNVD
added 2020/04/14 12:0 a.m. · 3 views

Arbitrary File Deletion Vulnerability in Fiyocms System

Fiyocms is a free and open source cms system for rapid development of personal and corporate websites and blogging systems. Fiyocms system has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete any file under the server...

AI score 7.1
Exploits 0

CNVD
added 2019/08/06 12:0 a.m. · 1 view

Arbitrary File Deletion Vulnerability in the Backend of PHPSHE Mall System 1.7

PHPSHE Mall System V1.7 is an online mall building system based on PHP5.2+/MySQL 5.0+. An arbitrary file deletion vulnerability exists in the backend of PHPSHE Mall System 1.7. The vulnerability stems from the absence of directory checks; attackers can use the vulnerability to delete any file server...

AI score 7.1
Exploits 0

CNVD
added 2019/07/29 12:0 a.m. · 3 views

Arbitrary File Deletion Vulnerability in Frontend of Medical Virtual Simulation Teaching Experiment Platform

Medical virtual simulation teaching experiment platform system is a virtual reality system with computer virtual reality and digital simulation technology as the core, biosimulation engine, processing factor database, virtual environment interface and other technologies as the support. Medical...

AI score 6.8
Exploits 0