59 matches found
CVE-2026-7882
Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and proceeds with file deletion when the token is invalid or missing. This effectively disables CSRF protecti...
Concrete CMS is vulnerable to unauthorized file deletion
Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and proceeds with file deletion when the token is invalid or missing. This effectively disables CSRF protecti...
CVE-2026-7882
Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and proceeds with file deletion when the token is invalid or missing. This effectively disables CSRF protecti...
CVE-2026-7882
Summary: Concrete CMS 9.5.0 and earlier is vulnerable to unauthorized file deletion due to an inverted CSRF token check in the DeleteFile controller. The code treats a valid token as an error and proceeds with deletion when the token is invalid or missing, effectively disabling CSRF protection fo...
Path Traversal
github.com/patrickhener/goshs is vulnerable to Path Traversal. The vulnerability is due to a missing return statement in the tdeleteFile function after the path traversal check, which allows an attacker to bypass path validation and perform unauthorized file deletion through crafted traversal pat...
CVE-2026-27673 Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)
Due to a missing authorization check, SAP S/4HANA Private Cloud and On-Premise allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the...
WordPress plugin “Drag and Drop Multiple File Upload for Contact Form” has security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
CVE-2025-14802
The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/fileid REST API endpoint. This is due to a parameter mismatch between the DELETE operation and authorization check, where the...
EUVD-2017-5197
Malware in sbrugna...
PT-2025-40026
Wordpress FormGent 1.0.4 - Unauthenticated Arbitrary File Deletion CVE: CVE-2025-10916 Original Researcher: Nxploited CVSS:7.5 high WPScan: https://t.co/AX48wu8IyC Cybersecurity BugBounty Hacking...
CVE-2024-5857
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2handelfileremove AJAX action in all versions up to, and including, 3.7.3.2. This makes it...
CVE-2023-4814
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to...
CVE-2022-22676
An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission...
CVE-2019-18253
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior outside the intended directory...
CVE-2025-31182
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to delete files for which it does not have permission...
CVE-2025-31182
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to delete files for which it does not have permission...
CVE-2024-9363
An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. An attacker can delete important files within the containers, such as polyaxon.sock, causing the API container to exit...
CVE-2024-9363
An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. An attacker can delete important files within the containers, such as polyaxon.sock, causing the API container to exit...
CVE-2024-9363 Unauthorized File Deletion in polyaxon/polyaxon
An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. An attacker can delete important files within the containers, such as polyaxon.sock, causing the API container to exit...
CVE-2024-9363 Unauthorized File Deletion in polyaxon/polyaxon
An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. An attacker can delete important files within the containers, such as polyaxon.sock, causing the API container to exit...