15 matches found
CVE-2026-35491
Pi-hole FTL (FTLDNS) from 6.0 to before 6.6 exposes a vulnerability where CLI API sessions (webserver.api.cli_pw) could import Teleporter archives via the /api/teleporter endpoint and overwrite configuration, despite /api/config blocking CLI sessions. This creates an authorization bypass that let...
PT-2026-26864
The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The save config function, which handles the 'punnel save config' AJAX action, lacks any capability check (current_user_can) and nonce verification. This makes i...
CVE-2021-35486
A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...
PT-2026-22761
Name of the Vulnerable Software and Affected Versions: Nokia IMPACT versions through 19.11.2.10-20210118042150283. Description: A Cross-Site Request Forgery (CSRF) issue exists in Nokia IMPACT. This allows a remote attacker to import and overwrite the entire application configuration. The issue is due...
CVE-2025-64348
CVE-2025-64348 affects ELOG (ELOG
EUVD-2023-48662
Malicious code in bioql PyPI...
CVE-2020-13451
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros...
Dell PowerProtect Data Domain Security Vulnerability
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A security vulnerability exists in Dell PowerProtect Data Domain versions 7.7.5.50, 7.13.1.10, 7.10.1.40, and prior to 8.1.0.0, which...
Linksys WRT54GL Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys WRT54GL Remote Command Execution', 'Description' = %q Some Linksys Routers are vulnerable to OS Command injection. You will need...
CVE-2023-44306
Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem...
CVE-2021-44737
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files...
CVE-2018-17936
In NUUO CMS, all versions 3.3 and prior, the application allows the upload of arbitrary files to the server that can modify or overwrite configuration files, which could allow remote code execution...
CVE-2017-6774
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP...
NTP Directory Traversal Vulnerability
NTP (Network Time Protocol) is a network protocol that synchronizes the clocks of two computers by exchanging packets. A security vulnerability exists in NTP versions prior to 4.2.8p4 and 4.3.x prior to 4.3.77. A remote attacker can exploit this vulnerability by sending NTP packets to overwrite the...
MGASA-2014-0546 Updated git packages fix security vulnerability
It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config or any case variation, on the pull this would replace the user's .git/config. If...