
6820 matches found

RedhatCVE
added 2025/02/14 2:51 p.m. | 5 views

CVE-2025-26356

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua setActive endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

CVSS 7.2 | AI score 6.7 | EPSS 0.01754
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/14 2:47 p.m. | 5 views

CVE-2025-26354

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua copy endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

CVSS 7.2 | AI score 6.7 | EPSS 0.02136
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/14 9:16 a.m. | 14 views

CVE-2024-25738

A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...

CVSS 9.1 | AI score 7.4 | EPSS 0.00975
Exploits: 0 | References: 1

SUSE CVE
added 2025/02/14 6:50 a.m. | 1 view

SUSE CVE-2023-4759

Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

CVSS 7.5 | AI score 8.6 | EPSS 0.00974
Exploits: 0 | References: 4

BDU FSTEC
added 2025/02/13 12:0 a.m. | 2 views

The vulnerability of the System Settings component in macOS operating systems allows a hacker to overwrite arbitrary files.

The vulnerability of the System Settings component in macOS operating systems is related to reading beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to overwrite arbitrary files...

CVSS 5.5 | AI score 7.5 | EPSS 0.00082
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/02/12 1:28 p.m. | 5 views

CVE-2025-26356

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua setActive endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

CVSS 7.2 | AI score 6.9 | EPSS 0.01754
Exploits: 0 | References: 1

Cvelist
added 2025/02/12 1:28 p.m. | 10 views

CVE-2025-26354

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua copy endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

CVSS 7.2 | EPSS 0.02136
Exploits: 0 | References: 1

CVE
added 2025/02/12 1:28 p.m. | 72 views

CVE-2025-26354

CVE-2025-26354 concerns Q-Free MaxTime

CVSS 7.2 | AI score 6.9 | EPSS 0.02136
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2025/02/10 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: kernel (CVE-2007-4998)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2007-4998 advisory. - cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers ...

CVSS 6.9 | AI score 5.8 | EPSS 0.00092
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/06 3:55 a.m. | 16 views

CVE-2021-39180

OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomcat user). Depending...

CVSS 9 | AI score 7.4 | EPSS 0.01222
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 2:20 a.m. | 2 views

CVE-2025-22137

Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated (or unauthenticated, if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issu...

CVSS 9.8 | AI score 6.8 | EPSS 0.0025
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 9:48 p.m. | 6 views

CVE-2022-24387

With administrator or admin privileges the application can be tricked into overwriting files in appdata/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010...

CVSS 9.1 | AI score 6.8 | EPSS 0.00613
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 8:37 p.m. | 15 views

CVE-2022-37903

A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise of the underlying host operating system...

CVSS 8.8 | AI score 6.7 | EPSS 0.00512
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 1:35 p.m. | 9 views

CVE-2020-26279

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written t...

CVSS 8.1 | AI score 6.5 | EPSS 0.01624
Exploits: 0

RedhatCVE
added 2025/02/05 1:33 p.m. | 6 views

CVE-2020-26071

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. ...

CVSS 8.4 | AI score 6.8 | EPSS 0.00136
Exploits: 0 | References: 3

RedhatCVE
added 2025/02/05 10:20 a.m. | 7 views

CVE-2024-12252

The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remoteupdate AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can...

CVSS 9.8 | AI score 7.4 | EPSS 0.71334
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 7:40 a.m. | 4 views

CVE-2024-23459

An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten. This issue affects Zscaler Client Connector on Mac: before 3.7...

CVSS 7.1 | AI score 6.9 | EPSS 0.00445
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 6:36 a.m. | 4 views

CVE-2024-5824

A path traversal vulnerability in the /setpersonalityconfig endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as forceacceptremoteaccess and...

CVSS 7.4 | AI score 7.7 | EPSS 0.01395
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 2:35 a.m. | 4 views

CVE-2024-33109

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function...

CVSS 9.9 | AI score 7.2 | EPSS 0.00261
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 1:25 a.m. | 7 views

CVE-2024-20401

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file...

CVSS 9.8 | AI score 7.7 | EPSS 0.07664
Exploits: 0 | References: 1