Lucene search
K

31 matches found

NVD
NVD
added 2026/06/20 9:16 a.m.15 views

CVE-2026-12119

The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' shortcode attribute in all versions up to, and including, 6.3.7. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS0.00267EPSS
Exploits0References6
Veracode
Veracode
added 2026/05/16 5:17 a.m.14 views

Authorization Bypass

StudioCMS is vulnerable to Improper Access Control. The vulnerability is due to missing await handling for the asynchronous isAuthorized function in the S3 storage manager, where authorization checks in the POST and PUT handlers always evaluate as successful because unresolved Promise objects are...

7.6CVSS5.8AI score0.00183EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

SAP S/4HANA 安全漏洞

SAP S/4HANA is a enterprise resource management software developed by SAP, a German company, based on the SAP HANA memory database system. There is a security vulnerability in SAP S/4HANA, which stems from the lack of authorization checks. This vulnerability may lead to the deletion of operating...

4.9CVSS5.8AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.12 views

AList 路径遍历漏洞

AList is a file list program developed by Xhofe, a developer from China. Versions of AList prior to 3.57.0 had a path traversal vulnerability. This vulnerability stemmed from vulnerabilities in multiple file operation handlers, which could lead to unauthorized file operations...

8.8CVSS5.8AI score0.00721EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:43 p.m.8 views

CVE-2005-1657

Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to 1 deletefolder.ctml, 2 deletemessage.ctml, 3 origmessage.ctml, or 4 readmessage.ctml, the Message.Id parameter to editmessage.ctm...

7.5CVSS7.3AI score0.01905EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2005-1729

Malware in sbrugna...

3.7CVSS6.4AI score0.00257EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-1659

Malware in sbrugna...

7.5CVSS6.4AI score0.01905EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-47090

Malicious code in bioql PyPI...

9.9CVSS9.3AI score0.17025EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 12:17 a.m.10 views

CVE-2005-1727

Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the 1 system cache folder and 2 Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."...

3.7CVSS6.3AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2024/10/01 4:15 p.m.5 views

CVE-2024-25660

The WebDAV service in Infinera TNMS Transcend Network Management System 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges...

9CVSS5.9AI score0.00535EPSS
Exploits0References2
NVD
NVD
added 2024/10/01 4:15 p.m.10 views

CVE-2024-25660

The WebDAV service in Infinera TNMS Transcend Network Management System 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges...

9CVSS0.00535EPSS
Exploits0References2
CVE
CVE
added 2024/10/01 12:0 a.m.61 views

CVE-2024-25660

CVE-2024-25660 concerns Infinera TNMS 19.10.3 where the WebDAV service can be abused by a low-privileged, remote attacker to perform unauthorized file operations. The root cause is the service executing with unnecessary privileges, enabling impact on confidentiality, integrity, and availability. ...

9CVSS7.1AI score0.00535EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/11 12:0 a.m.5 views

PT-2023-4416 · Eset +2 · Eset Endpoint Antivirus +12

Name of the Vulnerable Software and Affected Versions: ESET NOD32 Antivirus affected versions not specified ESET Internet Security affected versions not specified ESET Smart Security Premium affected versions not specified ESET Endpoint Antivirus affected versions not specified ESET Endpoint...

7.8CVSS7.3AI score0.00178EPSS
Exploits0References13
Prion
Prion
added 2021/12/06 5:15 p.m.22 views

Code injection

When a user has admin rights in Serv-U Console, the user can move, create and delete any files are able to be accessed on the Serv-U host machine...

6.8CVSS6.6AI score0.01166EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/11/09 11:32 a.m.28 views

CVE-2021-40358

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions V9.0 SP3 UC04, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions...

9.9CVSS9.4AI score0.01233EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/06/23 7:6 p.m.36 views

CVE-2020-14975

The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124...

7.7AI score0.00598EPSS
Exploits1References2
Prion
Prion
added 2020/06/08 5:15 p.m.20 views

Command injection

An issue was discovered in LinuxTV xawtv before 3.107. The function devopen in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to...

3.6CVSS4.5AI score0.00355EPSS
Exploits0References11Affected Software6
NVD
NVD
added 2017/04/27 8:59 p.m.18 views

CVE-2017-8307

In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also...

9.8CVSS7.8AI score0.01781EPSS
Exploits1References2
Prion
Prion
added 2013/12/31 4:4 p.m.18 views

Directory traversal

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager DSM before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. dot dot in the 1 path parameter to filedelete.cgi or 2 folderpath parameter to...

7.5CVSS7.4AI score0.14885EPSS
Exploits4References6Affected Software1
Debian CVE
Debian CVE
added 2013/02/24 7:0 p.m.18 views

CVE-2013-0219

System Security Services Daemon SSSD before 1.9.4, when 1 creating, 2 copying, or 3 removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files...

3.7CVSS4.6AI score0.00366EPSS
Exploits0
Rows per page
Query Builder