Lucene search
K

59 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.12 views

CVE-2026-7882

Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and proceeds with file deletion when the token is invalid or missing. This effectively disables CSRF protecti...

4.3CVSS5.4AI score0.00116EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/22 12:31 a.m.5 views

Concrete CMS is vulnerable to unauthorized file deletion

Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and proceeds with file deletion when the token is invalid or missing. This effectively disables CSRF protecti...

4.3CVSS5.8AI score0.00116EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/21 10:16 p.m.21 views

CVE-2026-7882

Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and proceeds with file deletion when the token is invalid or missing. This effectively disables CSRF protecti...

4.3CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:17 p.m.29 views

CVE-2026-7882

Summary: Concrete CMS 9.5.0 and earlier is vulnerable to unauthorized file deletion due to an inverted CSRF token check in the DeleteFile controller. The code treats a valid token as an error and proceeds with deletion when the token is invalid or missing, effectively disabling CSRF protection fo...

4.3CVSS5.8AI score0.00116EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2026/05/14 5:32 p.m.18 views

Path Traversal

github.com/patrickhener/goshs is vulnerable to Path Traversal. The vulnerability is due to a missing return statement in the tdeleteFile function after the path traversal check, which allows an attacker to bypass path validation and perform unauthorized file deletion through crafted traversal pat...

9.8CVSS7.3AI score0.00683EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/14 12:6 a.m.27 views

CVE-2026-27673 Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)

Due to a missing authorization check, SAP S/4HANA Private Cloud and On-Premise allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the...

4.9CVSS0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.7 views

WordPress plugin “Drag and Drop Multiple File Upload for Contact Form” has security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

7.4CVSS5.8AI score0.00196EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.4 views

CVE-2025-14802

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/fileid REST API endpoint. This is due to a parameter mismatch between the DELETE operation and authorization check, where the...

5.4CVSS6AI score0.00295EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-5197

Malware in sbrugna...

5.5CVSS5.8AI score0.00394EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.9 views

PT-2025-40026

Wordpress FormGent 1.0.4 - Unauthenticated Arbitrary File Deletion CVE: CVE-2025-10916 Original Researcher: Nxploited CVSS:7.5 high WPScan: https://t.co/AX48wu8IyC Cybersecurity BugBounty Hacking...

7AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:29 a.m.8 views

CVE-2024-5857

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2handelfileremove AJAX action in all versions up to, and including, 3.7.3.2. This makes it...

5.3CVSS6.9AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.7 views

CVE-2023-4814

A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to...

7.1CVSS7AI score0.00145EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 11:50 p.m.9 views

CVE-2022-22676

An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission...

5.5CVSS6.3AI score0.00684EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:41 a.m.8 views

CVE-2019-18253

An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior outside the intended directory...

10CVSS6.6AI score0.0198EPSS
Exploits0References1
NVD
NVD
added 2025/03/31 11:15 p.m.15 views

CVE-2025-31182

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to delete files for which it does not have permission...

9.8CVSS0.01161EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2025/03/31 10:22 p.m.10 views

CVE-2025-31182

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to delete files for which it does not have permission...

5.9AI score0.01161EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/03/22 11:55 a.m.7 views

CVE-2024-9363

An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. An attacker can delete important files within the containers, such as polyaxon.sock, causing the API container to exit...

7.5CVSS7.1AI score0.00984EPSS
Exploits0References1
NVD
NVD
added 2025/03/20 10:15 a.m.10 views

CVE-2024-9363

An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. An attacker can delete important files within the containers, such as polyaxon.sock, causing the API container to exit...

7.5CVSS0.00984EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.10 views

CVE-2024-9363 Unauthorized File Deletion in polyaxon/polyaxon

An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. An attacker can delete important files within the containers, such as polyaxon.sock, causing the API container to exit...

7.5CVSS0.00984EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.5 views

CVE-2024-9363 Unauthorized File Deletion in polyaxon/polyaxon

An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. An attacker can delete important files within the containers, such as polyaxon.sock, causing the API container to exit...

7.5CVSS7.6AI score0.00984EPSS
Exploits0References1
Rows per page
Query Builder