Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concate
The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanitize user-controlled path parameters. An attacker could exp
CVE-2025-53082
CRITICAL CVSS 9.1
Find Similar
An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, auth
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX a
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an abs
CVE-2025-6798
CRITICAL CVSS 9.1
Find Similar
Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marv
DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary fil
CVE-2026-31216
CRITICAL CVSS 9.1
Find Similar
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authenticat
An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an au
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an au
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an au
In invoke-ai/invokeai version v5.0.2, the web API `POST /api/v1/images/delete` is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on t
CVE-2024-46088
CRITICAL CVSS 9.8
Find Similar
An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST reque
A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controll
A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to
i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. At
An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.
webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulner
Page 1+ Next →