2 matches found
CVE-2026-24741 ConvertX Vulnerable to Arbitrary File Deletion via Path Traversal in `POST /delete`
ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences e.g., ../, an attacker can...
DEBIAN-CVE-2004-0998
Format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code...