
31 matches found

EUVD
added 2026/05/28 5:0 p.m. (5 views)

EUVD-2026-32975

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00048
Exploits: 0, References: 5

EUVD
added 2026/05/27 3:33 p.m. (8 views)

EUVD-2026-32312

A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00065
Exploits: 0, References: 4

RedhatCVE
added 2026/05/27 10:44 a.m. (7 views)

CVE-2026-2340

A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00065
Exploits: 0, References: 4

SUSE CVE
added 2026/05/27 2:53 a.m. (7 views)

SUSE CVE-2026-2340

A flaw was found in Samba's vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00065
Exploits: 0, References: 9

Github Security Blog
added 2026/05/04 7:21 p.m. (3 views)

Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move

Summary: Gotenberg blocks certain ExifTool tag names like FileName and Directory to stop attackers from renaming or moving files on the server. But ExifTool allows a longer form of the same tag — System:FileName — which does the exact same thing. Gotenberg only checks if the tag is exactly FileNam...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00155
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2026/04/20 7:9 p.m. (7 views)

CVE-2026-6257

CVE-2026-6257 affects Vvveb CMS v1.0.8. A missing return in the file rename handler in the media management module enables an authenticated user to perform a two-step file-rename: first upload a text file, rename to “.htaccess” to inject PHP MIME-type directives, then rename another file to “.php...

CVSS: 9.2, AI score: 6.6, EPSS: 0.00118
Exploits: 0, References: 2

OSV
added 2026/04/10 8:0 p.m. (2 views)

GHSA-2943-CRP8-38XX goshs is Missing Write Protection for Parametric Data Values

Summary: The SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. Details: Here is the issue (helper.go:155-215): func cmdFile(root string, r sftp.Request, ip string, sftpServer SFTPServer) error fullPath...

CVSS: 7.7, AI score: 5.8, EPSS: 0.00011
Exploits: 1, References: 5

Positive Technologies
added 2026/04/10 12:0 a.m. (2 views)

PT-2026-32038

Name of the Vulnerable Software and Affected Versions: goshs versions 1.0.7 through 2.0.0-beta.4 Description: goshs is a SimpleHTTPServer written in Go. The SFTP command rename sanitizes only the source path and not the destination, allowing a write outside of the root directory of the SFTP. This...

CVSS: 7.7, AI score: 6.4, EPSS: 0.00011
Exploits: 1, References: 14

CVE
added 2026/01/01 4:14 p.m. (20 views)

CVE-2025-48769

CVE-2025-48769 affects Apache NuttX RTOS. The flaw is a Use-After-Free in the fs/vfs/fs_rename code caused by a recursive implementation reusing a single buffer across two pointers, enabling arbitrary user-provided buffer reallocations and writes to a freed heap chunk. In affected scenarios, this...

CVSS: 8.1, AI score: 7.2, EPSS: 0.00015
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2025/12/06 5:55 p.m. (4 views)

CVE-2025-34262

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/agentid endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00024
Exploits: 0, References: 1

EUVD
added 2025/11/19 5:26 p.m. (3 views)

EUVD-2025-198234

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability allows any authenticated user to change the display names of other participants in polls without being an admin or the poll owner. By manipulating the...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00041
Exploits: 1, References: 2

Cvelist
added 2025/11/19 3:29 a.m. (5 views)

CVE-2025-12427 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to...

CVSS: 5.3, EPSS: 0.00084
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m. (2 views)

EUVD-2018-8205

Malware in sbrugna...

CVSS: 7.1, AI score: 6.6, EPSS: 0.00117
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m. (3 views)

EUVD-2005-3808

Malware in sbrugna...

CVSS: 4, AI score: 6.4, EPSS: 0.06223
Exploits: 1, References: 10

EUVD
added 2025/10/07 12:30 a.m. (3 views)

EUVD-2018-2588

Malware in sbrugna...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00406
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m. (3 views)

EUVD-2017-9565

Malware in sbrugna...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00043
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/25 12:0 a.m. (2 views)

Linux Distros Unpatched Vulnerability : CVE-2019-3461

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a bind mount via rename which could result in local privilege escalation. Mounting via rena...

CVSS: 7, AI score: 6.7, EPSS: 0.00052
Exploits: 0, References: 2

CVE
added 2025/03/11 1:31 p.m. (48 views)

CVE-2025-2195

CVE-2025-2195 affects MRCMS 3.1.2, where the vulnerable component is the rename function in /admin/file/rename.do (org.marker.mushroom.controller.FileController). The manipulation of the name/path argument enables cross-site scripting (XSS); the issue can be exploited remotely and exploitation ha...

CVSS: 6.1, AI score: 3.6, EPSS: 0.00159
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2024/09/17 1:15 p.m. (14 views)

CVE-2024-46085

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/filemanager/rename...

CVSS: 8.8, EPSS: 0.00118
Exploits: 0, References: 1

Vulnrichment
added 2024/09/13 6:27 a.m. (16 views)

CVE-2024-46701 libfs: fix infinite directory reads for offset dir

In the Linux kernel, the following vulnerability has been resolved: libfs: fix infinite directory reads for offset dir. After we switch tmpfs dir operations from simple_dir_operations to simple_offset_dir_operations, every rename happened will fill new dentry to dest dir's maple...

AI score: 6.8, EPSS: 0.00033
Exploits: 0, References: 2